CVE-2006-2508

Опубликовано: 22 мая 2006

Источник: nvd

CVSS2: 6.4

EPSS Низкий

Описание

SQL injection vulnerability in tr1.php in YourFreeWorld.com Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly involving an attack vector using advertise.php.

Ссылки

http://secunia.com/advisories/20213
Vendor Advisory
http://securityreason.com/securityalert/931
http://www.osvdb.org/25691
Exploit
http://www.osvdb.org/25692
Exploit
http://www.securityfocus.com/archive/1/434527/100/0/threaded
http://www.securityfocus.com/bid/18044
Exploit
http://www.vupen.com/english/advisories/2006/1897
https://exchange.xforce.ibmcloud.com/vulnerabilities/26569
https://exchange.xforce.ibmcloud.com/vulnerabilities/26570
http://secunia.com/advisories/20213
Vendor Advisory
http://securityreason.com/securityalert/931
http://www.osvdb.org/25691
Exploit
http://www.osvdb.org/25692
Exploit
http://www.securityfocus.com/archive/1/434527/100/0/threaded
http://www.securityfocus.com/bid/18044
Exploit
http://www.vupen.com/english/advisories/2006/1897
https://exchange.xforce.ibmcloud.com/vulnerabilities/26569
https://exchange.xforce.ibmcloud.com/vulnerabilities/26570

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:yourfreeworld:stylish_text_ads_script:*:*:*:*:*:*:*:*

EPSS

Процентиль: 86%

0.03095

Низкий

6.4 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-f3wc-6gw8-j689

github

почти 4 года назад