Vulnerabilities > CVE-2006-3221 - SQL Injection vulnerability in DataLife Engine Subaction
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
SQL injection vulnerability in index.php in DataLife Engine 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded values in the user parameter in a userinfo subaction.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description DataLife Engine <= 4.1 Remote SQL Injection Exploit (php). CVE-2006-3221. Webapps exploit for php platform file exploits/php/webapps/1939.php id EDB-ID:1939 last seen 2016-01-31 modified 2006-06-21 platform php port published 2006-06-21 reporter RusH source https://www.exploit-db.com/download/1939/ title DataLife Engine <= 4.1 - Remote SQL Injection Exploit php type webapps description DataLife Engine <= 4.1 Remote SQL Injection Exploit (perl). CVE-2006-3221. Webapps exploit for php platform file exploits/php/webapps/1938.pl id EDB-ID:1938 last seen 2016-01-31 modified 2006-06-21 platform php port published 2006-06-21 reporter RusH source https://www.exploit-db.com/download/1938/ title DataLife Engine <= 4.1 - Remote SQL Injection Exploit perl type webapps