Vulnerabilities > CVE-2006-5017 - Input Validation vulnerability in E-Vision CMS 1.0

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
e-vision
exploit available

Summary

SQL injection vulnerability in admin/all_users.php in Szava Gyula and Csaba Tamas e-Vision CMS, probably 1.0, allows remote attackers to execute arbitrary SQL commands via the from parameter.

Vulnerable Configurations

Part Description Count
Application
E-Vision
1

Exploit-Db

descriptione-Vision CMS 2.0 (all_users.php) Remote SQL Injection Exploit. CVE-2006-5017. Webapps exploit for php platform
idEDB-ID:2418
last seen2016-01-31
modified2006-09-22
published2006-09-22
reporterHACKERS PAL
sourcehttps://www.exploit-db.com/download/2418/
titlee-Vision CMS 2.0 all_users.php Remote SQL Injection Exploit