Vulnerabilities > CVE-2006-4961 - Unspecified vulnerability in Blue Dragon PHP Blue Dragon Platinum2.8.0/Platinum2.9.1
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN blue-dragon
exploit available
Summary
SQL injection vulnerability in the GetModuleConfig function in public_includes/pub_kernel/pbd_modules.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter to index.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| description | Php Blue Dragon CMS <= 2.9.1 (XSS/SQL) Code Execution Exploit. CVE-2006-4960,CVE-2006-4961,CVE-2006-4962. Webapps exploit for php platform |
| file | exploits/php/webapps/2402.php |
| id | EDB-ID:2402 |
| last seen | 2016-01-31 |
| modified | 2006-09-20 |
| platform | php |
| port | |
| published | 2006-09-20 |
| reporter | Kacper |
| source | https://www.exploit-db.com/download/2402/ |
| title | Php Blue Dragon CMS <= 2.9.1 XSS/SQL Code Execution Exploit |
| type | webapps |
References
- http://secunia.com/advisories/22031
- http://secunia.com/advisories/22031
- http://www.securityfocus.com/bid/20123
- http://www.securityfocus.com/bid/20123
- http://www.vupen.com/english/advisories/2006/3736
- http://www.vupen.com/english/advisories/2006/3736
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29051
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29051
- https://www.exploit-db.com/exploits/2402
- https://www.exploit-db.com/exploits/2402