Vulnerabilities > CVE-2006-3292 - Input Validation vulnerability in Jaws 0.6.2

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

jaws

exploit available

NVD

Published: 2006-06-28

Updated: 2018-10-18

Summary

SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows remote attackers to execute arbitrary SQL commands via queries with the "LIKE" keyword in the searchdata parameter (search field).

Vulnerable Configurations

Part	Description	Count
Application	Jaws Jaws Jaws 0.6.2	1

Exploit-Db

description	Jaws <= 0.6.2 (Search gadget) Remote SQL Injection Exploit. CVE-2006-3292. Webapps exploit for php platform
id	EDB-ID:1946
last seen	2016-01-31
modified	2006-06-23
published	2006-06-23
reporter	rgod
source	https://www.exploit-db.com/download/1946/
title	Jaws <= 0.6.2 Search gadget Remote SQL Injection Exploit

References

http://retrogod.altervista.org/JAWS_062_sql.html
http://secunia.com/advisories/20842
http://securityreason.com/securityalert/1165
http://www.jaws-project.com/index.php?blog/show/29
http://www.securityfocus.com/archive/1/438434/100/0/threaded
http://www.securityfocus.com/bid/18665
http://www.vupen.com/english/advisories/2006/2546
https://exchange.xforce.ibmcloud.com/vulnerabilities/27334