Vulnerabilities > CVE-2006-4960 - Input Validation vulnerability in PHPBlueDragon CMS
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Cross-site scripting (XSS) vulnerability in index.php Php Blue Dragon 2.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the m parameter, which is reflected in an error message resulting from a failed SQL query.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
description | Php Blue Dragon CMS <= 2.9.1 (XSS/SQL) Code Execution Exploit. CVE-2006-4960,CVE-2006-4961,CVE-2006-4962. Webapps exploit for php platform |
file | exploits/php/webapps/2402.php |
id | EDB-ID:2402 |
last seen | 2016-01-31 |
modified | 2006-09-20 |
platform | php |
port | |
published | 2006-09-20 |
reporter | Kacper |
source | https://www.exploit-db.com/download/2402/ |
title | Php Blue Dragon CMS <= 2.9.1 XSS/SQL Code Execution Exploit |
type | webapps |