Vulnerabilities > CVE-2006-3402 - SQL Injection vulnerability in Virtuastore 2.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
SQL injection vulnerability in VirtuaStore 2.0 allows remote attackers to execute arbitrary SQL commands via the password parameter when logging in.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | VirtuaStore 2.0 Password Parameter SQL Injection Vulnerability. CVE-2006-3402. Webapps exploit for php platform |
| id | EDB-ID:28157 |
| last seen | 2016-02-03 |
| modified | 2006-07-03 |
| published | 2006-07-03 |
| reporter | supermalhacao |
| source | https://www.exploit-db.com/download/28157/ |
| title | VirtuaStore 2.0 Password Parameter SQL Injection Vulnerability |