Vulnerabilities > CVE-2006-6067 - Unspecified vulnerability in 20 Applications 20 Datashed 1.0
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN 20-20-applications
exploit available
Summary
Multiple SQL injection vulnerabilities in 20/20 DataShed (aka Real Estate Listing System) allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) f-email.asp, or the (2) peopleID and (2) sort_order parameters to (b) listings.asp, different vectors than CVE-2006-5955.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description 20/20 Applications Data Shed 1.0 f-email.asp itemID Parameter SQL Injection. CVE-2006-6067. Webapps exploit for asp platform id EDB-ID:29077 last seen 2016-02-03 modified 2006-11-17 published 2006-11-17 reporter laurent gaffie source https://www.exploit-db.com/download/29077/ title 20/20 Applications Data Shed 1.0 f-email.asp itemID Parameter SQL Injection description 20/20 Applications Data Shed 1.0 listings.asp Multiple Parameter SQL Injection. CVE-2006-6067 . Webapps exploit for asp platform id EDB-ID:29078 last seen 2016-02-03 modified 2006-11-17 published 2006-11-17 reporter laurent gaffie source https://www.exploit-db.com/download/29078/ title 20/20 Applications Data Shed 1.0 listings.asp Multiple Parameter SQL Injection
References
- http://s-a-p.ca/index.php?page=OurAdvisories&id=40
- http://s-a-p.ca/index.php?page=OurAdvisories&id=40
- http://www.securityfocus.com/archive/1/451962/100/0/threaded
- http://www.securityfocus.com/archive/1/451962/100/0/threaded
- http://www.securityfocus.com/bid/21156
- http://www.securityfocus.com/bid/21156
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30402
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30402