Vulnerabilities > CVE-2006-3727 - SQL Injection vulnerability in Eskolar CMS Eskolar CMS 0.9.0.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple SQL injection vulnerabilities in Eskolar CMS 0.9.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) gr_1_id, (2) gr_2_id, (3) gr_3_id, and (4) doc_id parameters in (a) index.php; the (5) uid and (6) pwd parameters in (b) php/esa.php; and possibly other vectors related to files in php/lib/ including (c) del.php, (d) download_backup.php, (e) navig.php, (f) restore.php, (g) set_12.php, (h) set_14.php, and (i) upd_doc.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Eskolar CMS 0.9.0.0 Remote Blind SQL Injection Exploit. CVE-2006-3727. Webapps exploit for php platform |
| file | exploits/php/webapps/2032.pl |
| id | EDB-ID:2032 |
| last seen | 2016-01-31 |
| modified | 2006-07-18 |
| platform | php |
| port | |
| published | 2006-07-18 |
| reporter | Jacek Wlodarczyk |
| source | https://www.exploit-db.com/download/2032/ |
| title | Eskolar CMS 0.9.0.0 - Remote Blind SQL Injection Exploit |
| type | webapps |
References
- http://secunia.com/advisories/21101
- http://www.osvdb.org/27391
- http://www.osvdb.org/27392
- http://www.osvdb.org/27393
- http://www.osvdb.org/27394
- http://www.osvdb.org/27395
- http://www.osvdb.org/27396
- http://www.osvdb.org/27397
- http://www.osvdb.org/27398
- http://www.osvdb.org/27399
- http://www.securityfocus.com/bid/19045
- http://www.vupen.com/english/advisories/2006/2869
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27808
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27809
- https://www.exploit-db.com/exploits/2032