CVE-2006-3135
Summary
| CVE | CVE-2006-3135 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2006-07-13 21:05:00 UTC |
| Updated | 2017-07-20 01:32:00 UTC |
| Description | Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter in the (a) news module, (2) searchstring parameter in (b) the search module, (3) id parameter in (c) the webshop module, (4) username parameter in (d) index.php, and (5) Name, (6) Address, (7) Zip, (8) City, (9) Country, and (10) Email fields during (e) a user profile update. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Hotwebscripts | Cms Mundo | 1.0_build_008 | All | All | All |
| Application | Hotwebscripts | Cms Mundo | 1.0_build_008 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 27140 | OSVDB | www.osvdb.org | |
| 27139 | OSVDB | www.osvdb.org | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| About Secunia Research | Flexera | MISC | secunia.com | Vendor Advisory |
| CMS Mundo 1.0 build 008 SQL Injection - CXSecurity.com | SREASON | securityreason.com | |
| 27142 | OSVDB | www.osvdb.org | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Secunia - Advisories - CMS Mundo SQL Injection Vulnerabilities | SECUNIA | secunia.com | Exploit, Vendor Advisory |
| 27141 | OSVDB | www.osvdb.org | |
| 27143 | OSVDB | www.osvdb.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.