Vulnerabilities > CVE-2006-3221 - SQL Injection vulnerability in DataLife Engine Subaction

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
softnews-media-group
exploit available
NVD
Published: 2006-06-24
Updated: 2017-10-19

Summary

SQL injection vulnerability in index.php in DataLife Engine 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded values in the user parameter in a userinfo subaction.

Vulnerable Configurations

Part Description Count
Application
Softnews_Media_Group
1

Exploit-Db

  • descriptionDataLife Engine <= 4.1 Remote SQL Injection Exploit (php). CVE-2006-3221. Webapps exploit for php platform
    fileexploits/php/webapps/1939.php
    idEDB-ID:1939
    last seen2016-01-31
    modified2006-06-21
    platformphp
    port
    published2006-06-21
    reporterRusH
    sourcehttps://www.exploit-db.com/download/1939/
    titleDataLife Engine <= 4.1 - Remote SQL Injection Exploit php
    typewebapps
  • descriptionDataLife Engine <= 4.1 Remote SQL Injection Exploit (perl). CVE-2006-3221. Webapps exploit for php platform
    fileexploits/php/webapps/1938.pl
    idEDB-ID:1938
    last seen2016-01-31
    modified2006-06-21
    platformphp
    port
    published2006-06-21
    reporterRusH
    sourcehttps://www.exploit-db.com/download/1938/
    titleDataLife Engine <= 4.1 - Remote SQL Injection Exploit perl
    typewebapps

References