Vulnerabilities > CVE-2006-3330 - Input Validation vulnerability in Deltascripts PHP Classifieds 6.04
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL network
deltascripts
Summary
Cross-site scripting (XSS) vulnerability in AddAsset1.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the (1) ProductName ("Title" field), (2) url, and (3) Description parameters, possibly related to issues in add1.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- http://secunia.com/advisories/20880
- http://securityreason.com/securityalert/1179
- http://securitytracker.com/id?1016407
- http://www.securityfocus.com/archive/1/438667/100/0/threaded
- http://www.securityfocus.com/bid/18713
- http://www.securityfocus.com/bid/18717
- http://www.vupen.com/english/advisories/2006/2589
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27454