Back to search
CVE-2006-1534
Published: Mar 30, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple SQL injection vulnerabilities in Null news allow remote attackers to execute arbitrary SQL commands via (1) the user_email parameter in (a) lostpass.php, and the (2) user_email and (3) user_username parameters in (b) sub.php and (c) unsub.php.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
24240
vdb-entry
x_refsource_OSVDB
24241
vdb-entry
x_refsource_OSVDB
19413
third-party-advisory
x_refsource_SECUNIA
http://evuln.com/vulns/109/summary.html
x_refsource_MISC
nullnews-multiple-sql-injection(25502)
vdb-entry
x_refsource_XF
20060408 [eVuln] Null news SQL Injection Vulnerability
mailing-list
x_refsource_BUGTRAQ
24242
vdb-entry
x_refsource_OSVDB
ADV-2006-1151
vdb-entry
x_refsource_VUPEN
17300
vdb-entry
x_refsource_BID
682
third-party-advisory
x_refsource_SREASON
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now