Back to search
CVE-2006-1706
Published: Apr 11, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) login.php and (b) memo.php; and the (2) itemgr, (3) brandID, and (4) album parameters to (c) index.php. NOTE: this issue also produces resultant full path disclosure from invalid SQL queries.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
24473
vdb-entry
x_refsource_OSVDB
19593
third-party-advisory
x_refsource_SECUNIA
24472
vdb-entry
x_refsource_OSVDB
17441
vdb-entry
x_refsource_BID
24471
vdb-entry
x_refsource_OSVDB
shopweezle-multiple-sql-injection(25723)
vdb-entry
x_refsource_XF
24470
vdb-entry
x_refsource_OSVDB
ADV-2006-1291
vdb-entry
x_refsource_VUPEN
shopweezle-multiple-path-disclosure(25724)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now