Vulnerabilities > CVE-2006-3271 - SQL Injection vulnerability in Softbiz Dating Script 1.0

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
softbiz
exploit available
NVD
Published: 2006-06-28
Updated: 2018-10-18

Summary

Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parameter in (b) featured_photos.php; (4) cid parameter in (c) products.php, (d) index.php, and (e) news_desc.php.

Vulnerable Configurations

Part Description Count
Application
Softbiz
1

Exploit-Db

  • descriptionSoftBiz Dating Script 1.0 featured_photos.php browse Parameter SQL Injection. CVE-2006-3271. Webapps exploit for php platform
    idEDB-ID:28093
    last seen2016-02-03
    modified2006-06-22
    published2006-06-22
    reporterEllipSiS Security
    sourcehttps://www.exploit-db.com/download/28093/
    titleSoftBiz Dating Script 1.0 featured_photos.php browse Parameter SQL Injection
  • descriptionSoftBiz Dating Script 1.0 products.php cid Parameter SQL Injection. CVE-2006-3271. Webapps exploit for php platform
    idEDB-ID:28094
    last seen2016-02-03
    modified2006-06-22
    published2006-06-22
    reporterEllipSiS Security
    sourcehttps://www.exploit-db.com/download/28094/
    titleSoftBiz Dating Script 1.0 products.php cid Parameter SQL Injection
  • descriptionSoftBiz Dating Script 1.0 news_desc.php id Parameter SQL Injection. CVE-2006-3271. Webapps exploit for php platform
    idEDB-ID:28096
    last seen2016-02-03
    modified2006-06-22
    published2006-06-22
    reporterEllipSiS Security
    sourcehttps://www.exploit-db.com/download/28096/
    titleSoftBiz Dating Script 1.0 news_desc.php id Parameter SQL Injection
  • descriptionSoftBizScripts Dating Script SQL Injection Vunerability. CVE-2006-3271. Webapps exploit for php platform
    idEDB-ID:12438
    last seen2016-02-01
    modified2010-04-28
    published2010-04-28
    reporter41.w4r10r
    sourcehttps://www.exploit-db.com/download/12438/
    titleSoftBizScripts Dating Script SQL Injection Vunerability
  • descriptionSoftBiz Dating Script 1.0 index.php cid Parameter SQL Injection. CVE-2006-3271. Webapps exploit for php platform
    idEDB-ID:28095
    last seen2016-02-03
    modified2006-06-22
    published2006-06-22
    reporterEllipSiS Security
    sourcehttps://www.exploit-db.com/download/28095/
    titleSoftBiz Dating Script 1.0 index.php cid Parameter SQL Injection

References