Vulnerabilities > CVE-2006-3822 - SQL Injection vulnerability in Geodesicsolutions Geoauctions Enterprise 1.0.6

CVSS 5.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

high complexity

geodesicsolutions

exploit available

NVD

Published: 2006-07-25

Updated: 2011-03-08

Summary

SQL injection vulnerability in index.php in GeodesicSolutions GeoAuctions Enterprise 1.0.6 allows remote attackers to execute arbitrary SQL commands via the d parameter. Successful exploitation requires that the 'accumulative feedback' feature is turned on.

Vulnerable Configurations

Part	Description	Count
Application	Geodesicsolutions Geodesicsolutions Geoauctions Enterprise 1.0.6	1

Exploit-Db

description	GeoAuctions 1.0.6 Enterprise index.php d Parameter SQL Injection. CVE-2006-3822. Webapps exploit for php platform
id	EDB-ID:28249
last seen	2016-02-03
modified	2006-07-20
published	2006-07-20
reporter	LBDT
source	https://www.exploit-db.com/download/28249/
title	GeoAuctions 1.0.6 Enterprise index.php d Parameter SQL Injection

Summary

Vulnerable Configurations

Exploit-Db

References