Vulnerabilities > CVE-2006-5107 - Input Validation vulnerability in CubeCart

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
devellion
exploit available
NVD
Published: 2006-10-03
Updated: 2018-10-17

Summary

Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter in admin/forgot_pass.php, (2) the order_id parameter in view_order.php, (3) the view_doc parameter in view_doc.php, and (4) the order_id parameter in admin/print_order.php.

Vulnerable Configurations

Part Description Count
Application
Devellion
7

Exploit-Db

  • descriptionCubeCart 3.0.x view_doc.php view_doc Parameter SQL Injection. CVE-2006-5107. Webapps exploit for php platform
    idEDB-ID:28697
    last seen2016-02-03
    modified2006-09-26
    published2006-09-26
    reporterHACKERS PAL
    sourcehttps://www.exploit-db.com/download/28697/
    titleCubeCart 3.0.x view_doc.php view_doc Parameter SQL Injection
  • descriptionCubeCart 3.0.x view_order.php order_id Parameter SQL Injection. CVE-2006-5107 . Webapps exploit for php platform
    idEDB-ID:28696
    last seen2016-02-03
    modified2006-09-26
    published2006-09-26
    reporterHACKERS PAL
    sourcehttps://www.exploit-db.com/download/28696/
    titleCubeCart 3.0.x view_order.php order_id Parameter SQL Injection
  • descriptionCubeCart 3.0.x admin/print_order.php order_id Parameter SQL Injection. CVE-2006-5107. Webapps exploit for php platform
    idEDB-ID:28698
    last seen2016-02-03
    modified2006-09-26
    published2006-09-26
    reporterHACKERS PAL
    sourcehttps://www.exploit-db.com/download/28698/
    titleCubeCart 3.0.x admin/print_order.php order_id Parameter SQL Injection

References