CVE-2006-3926 - Multiple SQL injection vulnerabilities in PhpProBid 5.24 allow remote attackers to execute arbitrary

CVE-2006-3926

Summary

Multiple SQL injection vulnerabilities in PhpProBid 5.24 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) start parameters to (a) viewfeedback.php or the (3) orderType parameter to (b) categories.php.

References

http://archives.neohapsis.com/archives/bugtraq/2006-07/0474.html
http://secunia.com/advisories/21201
http://securityreason.com/securityalert/1298
http://securitytracker.com/id?1016595
http://www.osvdb.org/27545
http://www.osvdb.org/27546
http://www.securityfocus.com/bid/19158
https://exchange.xforce.ibmcloud.com/vulnerabilities/28032

Vulnerable Configurations

cpe:2.3:a:php_pro_bid:php_pro_bid:5.24:*:*:*:*:*:*:*
cpe:2.3:a:php_pro_bid:php_pro_bid:5.24:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 20-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	19158
bugtraq	20060725 Phpprobid <= 5.24 XSS SQL injection Vulnerability
osvdb	27545 27546
sectrack	1016595
secunia	21201
sreason	1298
xf	phpprobid-categories-sql-injection(28032)

Last major update

20-07-2017 - 01:32

Published

31-07-2006 - 21:04

Last modified

20-07-2017 - 01:32