CVE-2006-0774
Published 2006-02-19
Priority P342, high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 1.83% (76.1th percentile)
SQL injection vulnerability in deleteSession() in DB_eSession library 1.0.2 and earlier, as used in multiple products, allows remote attackers to execute arbitrary SQL commands via the $_sess_id_set variable, which is usually derived from PHPSESSID.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lawrence_osiris | db_esession | <= 1.0.2 | — |
No detection rules found.
No writeups or analysis indexed.
References
http://secunia.com/advisories/18805
http://www.gulftech.org/?node=research&article_id=00099-02112006
http://www.osvdb.org/23104
http://www.securityfocus.com/archive/1/424819/100/0/threaded
http://www.securityfocus.com/archive/1/433132/30/5160/threaded
http://www.securityfocus.com/bid/16598
http://www.vupen.com/english/advisories/2006/0528
https://exchange.xforce.ibmcloud.com/vulnerabilities/24673
Published: 2006-02-19