{"api_version":"1","generated_at":"2026-07-04T00:59:03+00:00","cve":"CVE-2006-3135","urls":{"html":"https://cve.report/CVE-2006-3135","api":"https://cve.report/api/cve/CVE-2006-3135.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-3135","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-3135"},"summary":{"title":"CVE-2006-3135","description":"Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter in the (a) news module, (2) searchstring parameter in (b) the search module, (3) id parameter in (c) the webshop module, (4) username parameter in (d) index.php, and (5) Name, (6) Address, (7) Zip, (8) City, (9) Country, and (10) Email fields during (e) a user profile update.","state":"PUBLIC","assigner":"PSIRT-CNA@flexerasoftware.com","published_at":"2006-07-13 21:05:00","updated_at":"2017-07-20 01:32:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"http://www.osvdb.org/27140","name":"27140","refsource":"OSVDB","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.osvdb.org/27139","name":"27139","refsource":"OSVDB","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.vupen.com/english/advisories/2006/2783","name":"ADV-2006-2783","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/secunia_research/2006-52/advisory/","name":"http://secunia.com/secunia_research/2006-52/advisory/","refsource":"MISC","tags":["Vendor Advisory"],"title":"About Secunia Research | Flexera","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://securityreason.com/securityalert/1236","name":"1236","refsource":"SREASON","tags":[],"title":"CMS Mundo 1.0 build 008 SQL Injection - CXSecurity.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/27142","name":"27142","refsource":"OSVDB","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27712","name":"cmsmundo-index-sql-injection(27712)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/20589","name":"20589","refsource":"SECUNIA","tags":["Exploit","Vendor Advisory"],"title":"Secunia - Advisories - CMS Mundo SQL Injection Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/27141","name":"27141","refsource":"OSVDB","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.osvdb.org/27143","name":"27143","refsource":"OSVDB","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-3135","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-3135","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"3135","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hotwebscripts","cpe5":"cms_mundo","cpe6":"1.0_build_008","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"3135","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hotwebscripts","cpe5":"cms_mundo","cpe6":"1.0_build_008","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"PSIRT-CNA@flexerasoftware.com","ID":"CVE-2006-3135","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter in the (a) news module, (2) searchstring parameter in (b) the search module, (3) id parameter in (c) the webshop module, (4) username parameter in (d) index.php, and (5) Name, (6) Address, (7) Zip, (8) City, (9) Country, and (10) Email fields during (e) a user profile update."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://secunia.com/secunia_research/2006-52/advisory/","refsource":"MISC","url":"http://secunia.com/secunia_research/2006-52/advisory/"},{"name":"20589","refsource":"SECUNIA","url":"http://secunia.com/advisories/20589"},{"name":"27143","refsource":"OSVDB","url":"http://www.osvdb.org/27143"},{"name":"1236","refsource":"SREASON","url":"http://securityreason.com/securityalert/1236"},{"name":"27139","refsource":"OSVDB","url":"http://www.osvdb.org/27139"},{"name":"27140","refsource":"OSVDB","url":"http://www.osvdb.org/27140"},{"name":"27142","refsource":"OSVDB","url":"http://www.osvdb.org/27142"},{"name":"ADV-2006-2783","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/2783"},{"name":"cmsmundo-index-sql-injection(27712)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27712"},{"name":"27141","refsource":"OSVDB","url":"http://www.osvdb.org/27141"}]}},"nvd":{"publishedDate":"2006-07-13 21:05:00","lastModifiedDate":"2017-07-20 01:32:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:hotwebscripts:cms_mundo:1.0_build_008:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"3135","Ordinal":"18460","Title":"CVE-2006-3135","CVE":"CVE-2006-3135","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"3135","Ordinal":"1","NoteData":"Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter in the (a) news module, (2) searchstring parameter in (b) the search module, (3) id parameter in (c) the webshop module, (4) username parameter in (d) index.php, and (5) Name, (6) Address, (7) Zip, (8) City, (9) Country, and (10) Email fields during (e) a user profile update.","Type":"Description","Title":null},{"CveYear":"2006","CveId":"3135","Ordinal":"2","NoteData":"2006-07-13","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"3135","Ordinal":"3","NoteData":"2017-07-19","Type":"Other","Title":"Modified"}]}}}