Vulnerabilities > CVE-2006-6478 - Input Validation vulnerability in Scriptphp Annoncescripthp 2.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple SQL injection vulnerabilities in AnnonceScriptHP 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) email.php, the (2) no parameter in (b) voirannonce.php, the (3) idmembre parameter in (c) admin/admin_membre/fiche_membre.php, and the (4) idannonce parameter in (d) admin/admin_annonce/okvalannonce.php and (e) admin/admin_annonce/changeannonce.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description AnnonceScriptHP 2.0 admin/admin_membre/fiche_membre.php idmembre Parameter SQL Injection. CVE-2006-6478. Webapps exploit for php platform id EDB-ID:29246 last seen 2016-02-03 modified 2006-12-09 published 2006-12-09 reporter Mr_KaLiMaN source https://www.exploit-db.com/download/29246/ title AnnonceScriptHP 2.0 admin/admin_membre/fiche_membre.php idmembre Parameter SQL Injection description AnnonceScriptHP 2.0 email.php id Parameter SQL Injection. CVE-2006-6478. Webapps exploit for php platform id EDB-ID:29252 last seen 2016-02-03 modified 2006-12-09 published 2006-12-09 reporter Mr_KaLiMaN source https://www.exploit-db.com/download/29252/ title AnnonceScriptHP 2.0 email.php id Parameter SQL Injection description AnnonceScriptHP 2.0 voirannonce.php no Parameter SQL Injection. CVE-2006-6478. Webapps exploit for php platform id EDB-ID:29253 last seen 2016-02-03 modified 2006-12-09 published 2006-12-09 reporter Mr_KaLiMaN source https://www.exploit-db.com/download/29253/ title AnnonceScriptHP 2.0 voirannonce.php no Parameter SQL Injection