Vulnerabilities > CVE-2006-5446 - SQL Injection vulnerability in Casinosoft Casino Script 3.2

047910
CVSS 5.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
high complexity
casinosoft
exploit available
NVD
Published: 2006-10-23
Updated: 2017-07-20

Summary

SQL injection vulnerability in lobby/config.php in Casinosoft Casino Script (aka Masvet) 3.2 allows remote attackers to execute arbitrary SQL commands via the cfam parameter. Successful exploitation requires that "magic_quotes_gpc" is disabled.

Vulnerable Configurations

Part Description Count
Application
Casinosoft
1

Exploit-Db

descriptionCasinosoft Casino Script 3.2 Config.PHP SQL Injection Vulnerability. CVE-2006-5446. Webapps exploit for php platform
idEDB-ID:28833
last seen2016-02-03
modified2006-10-20
published2006-10-20
reporterG1UK
sourcehttps://www.exploit-db.com/download/28833/
titleCasinosoft Casino Script 3.2 Config.PHP SQL Injection Vulnerability

References