Back to search
CVE-2006-2268
Published: May 9, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
SQL injection vulnerability in FlexCustomer 0.0.4 and earlier allows remote attackers to bypass authentication and execute arbitrary SQL commands via the admin and ordinary user interface, probably involving the (1) checkuser and (2) checkpass parameters to (a) admin/index.php, and (3) username and (4) password parameters to (b) index.php. NOTE: it was later reported that 0.0.6 is also affected.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
25342
vdb-entry
x_refsource_OSVDB
858
third-party-advisory
x_refsource_SREASON
flexcustomer-usercheek-sql-injection(47651)
vdb-entry
x_refsource_XF
20060506 FlexCustomer <= 0.0.4 sql injection
mailing-list
x_refsource_BUGTRAQ
20016
third-party-advisory
x_refsource_SECUNIA
17864
vdb-entry
x_refsource_BID
flexcustomer-login-sql-injection(26323)
vdb-entry
x_refsource_XF
ADV-2006-1690
vdb-entry
x_refsource_VUPEN
25343
vdb-entry
x_refsource_OSVDB
7622
exploit
x_refsource_EXPLOIT-DB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now