Vulnerabilities > CVE-2006-6067 - Unspecified vulnerability in 20 Applications 20 Datashed 1.0

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
20-20-applications
exploit available
NVD
Published: 2006-11-22
Updated: 2024-02-14

Summary

Multiple SQL injection vulnerabilities in 20/20 DataShed (aka Real Estate Listing System) allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) f-email.asp, or the (2) peopleID and (2) sort_order parameters to (b) listings.asp, different vectors than CVE-2006-5955.

Vulnerable Configurations

Part Description Count
Application
20_20_Applications
1

Exploit-Db

  • description20/20 Applications Data Shed 1.0 f-email.asp itemID Parameter SQL Injection. CVE-2006-6067. Webapps exploit for asp platform
    idEDB-ID:29077
    last seen2016-02-03
    modified2006-11-17
    published2006-11-17
    reporterlaurent gaffie
    sourcehttps://www.exploit-db.com/download/29077/
    title20/20 Applications Data Shed 1.0 f-email.asp itemID Parameter SQL Injection
  • description20/20 Applications Data Shed 1.0 listings.asp Multiple Parameter SQL Injection. CVE-2006-6067 . Webapps exploit for asp platform
    idEDB-ID:29078
    last seen2016-02-03
    modified2006-11-17
    published2006-11-17
    reporterlaurent gaffie
    sourcehttps://www.exploit-db.com/download/29078/
    title20/20 Applications Data Shed 1.0 listings.asp Multiple Parameter SQL Injection

References