Vulnerabilities > CVE-2006-3221 - Unspecified vulnerability in Softnews Media Group Datalife Engine
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN softnews-media-group
exploit available
Summary
SQL injection vulnerability in index.php in DataLife Engine 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded values in the user parameter in a userinfo subaction.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description DataLife Engine <= 4.1 Remote SQL Injection Exploit (php). CVE-2006-3221. Webapps exploit for php platform file exploits/php/webapps/1939.php id EDB-ID:1939 last seen 2016-01-31 modified 2006-06-21 platform php port published 2006-06-21 reporter RusH source https://www.exploit-db.com/download/1939/ title DataLife Engine <= 4.1 - Remote SQL Injection Exploit php type webapps description DataLife Engine <= 4.1 Remote SQL Injection Exploit (perl). CVE-2006-3221. Webapps exploit for php platform file exploits/php/webapps/1938.pl id EDB-ID:1938 last seen 2016-01-31 modified 2006-06-21 platform php port published 2006-06-21 reporter RusH source https://www.exploit-db.com/download/1938/ title DataLife Engine <= 4.1 - Remote SQL Injection Exploit perl type webapps
References
- http://secunia.com/advisories/20765
- http://secunia.com/advisories/20765
- http://www.securityfocus.com/bid/18592
- http://www.securityfocus.com/bid/18592
- http://www.vupen.com/english/advisories/2006/2486
- http://www.vupen.com/english/advisories/2006/2486
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27321
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27321
- https://www.exploit-db.com/exploits/1938
- https://www.exploit-db.com/exploits/1938
- https://www.exploit-db.com/exploits/1939
- https://www.exploit-db.com/exploits/1939