Vulnerabilities > CVE-2006-5107 - Input Validation vulnerability in CubeCart
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter in admin/forgot_pass.php, (2) the order_id parameter in view_order.php, (3) the view_doc parameter in view_doc.php, and (4) the order_id parameter in admin/print_order.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 7 |
Exploit-Db
description CubeCart 3.0.x view_doc.php view_doc Parameter SQL Injection. CVE-2006-5107. Webapps exploit for php platform id EDB-ID:28697 last seen 2016-02-03 modified 2006-09-26 published 2006-09-26 reporter HACKERS PAL source https://www.exploit-db.com/download/28697/ title CubeCart 3.0.x view_doc.php view_doc Parameter SQL Injection description CubeCart 3.0.x view_order.php order_id Parameter SQL Injection. CVE-2006-5107 . Webapps exploit for php platform id EDB-ID:28696 last seen 2016-02-03 modified 2006-09-26 published 2006-09-26 reporter HACKERS PAL source https://www.exploit-db.com/download/28696/ title CubeCart 3.0.x view_order.php order_id Parameter SQL Injection description CubeCart 3.0.x admin/print_order.php order_id Parameter SQL Injection. CVE-2006-5107. Webapps exploit for php platform id EDB-ID:28698 last seen 2016-02-03 modified 2006-09-26 published 2006-09-26 reporter HACKERS PAL source https://www.exploit-db.com/download/28698/ title CubeCart 3.0.x admin/print_order.php order_id Parameter SQL Injection