CVE-2006-0906
published 2006-02-28CVE-2006-0906: SQL injection vulnerability in D3Jeeb Pro 3 allows remote attackers to execute arbitrary SQL commands via the catid parameter in (1) fastlinks.php and (2)…
PriorityP337high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.25%
65.6th percentile
SQL injection vulnerability in D3Jeeb Pro 3 allows remote attackers to execute arbitrary SQL commands via the catid parameter in (1) fastlinks.php and (2) catogary.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| top_line | d3jeeb_pro | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
D3Jeeb Pro 3 - 'fastlinks.php?catid' SQL Injection
exploitdb·2006-02-25
CVE-2006-0906 D3Jeeb Pro 3 - 'fastlinks.php?catid' SQL Injection
D3Jeeb Pro 3 - 'fastlinks.php?catid' SQL Injection
---
source: https://www.securityfocus.com/bid/16853/info
D3Jeeb is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
http://www.example.com/fastlinks.php?catid=[SQL]
Exploit-DB
D3Jeeb Pro 3 - 'catogary.php?catid' SQL Injection
exploitdb·2006-02-25
CVE-2006-0906 D3Jeeb Pro 3 - 'catogary.php?catid' SQL Injection
D3Jeeb Pro 3 - 'catogary.php?catid' SQL Injection
---
source: https://www.securityfocus.com/bid/16853/info
D3Jeeb is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
http://www.example.com/catogary.php?catid=[SQL]
Bugzilla
CVE-2007-0906 PHP security issues (CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988)
bugzilla·2007-02-20·CVSS 7.5
CVE-2007-0906 [HIGH] CVE-2007-0906 PHP security issues (CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988)
CVE-2007-0906 PHP security issues (CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988)
+++ This bug was initially created as a clone of Bug #228858 +++
Description of problem:
1. If unserializing untrusted data on 64-bit platforms the
zend_hash_init() function can be forced to enter an infinite loop,
consuming CPU resources, for a limited length of time, until the
script timeout alarm aborts the script (CVE-2007-0988)
2. If a script uses the imap_mail_compose() function to create a new MIME
message based on an input body from an untrusted source, an attacker may be able
to force a heap overflow (CVE-2006-0906)
3. If the format string could passed to one of the functions in the printf()
family could be controlled by an attacker via untrusted data, then an
out-of-b
Bugzilla
CVE-2007-0906 PHP security issues (CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988)
bugzilla·2007-02-16·CVSS 7.5
CVE-2007-0906 [HIGH] CVE-2007-0906 PHP security issues (CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988)
CVE-2007-0906 PHP security issues (CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988)
+++ This bug was initially created as a clone of Bug #228858 +++
Description of problem:
1. If unserializing untrusted data on 64-bit platforms the
zend_hash_init() function can be forced to enter an infinite loop,
consuming CPU resources, for a limited length of time, until the
script timeout alarm aborts the script (CVE-NO-NAME)
2. If a script uses the imap_mail_compose() function to create a new MIME
message based on an input body from an untrusted source, an attacker may be able
to force a heap overflow (CVE-2006-0906)
3. If the format string could passed to one of the functions in the printf()
family could be controlled by an attacker via untrusted data, then an
out-of-bou
Bugzilla
CVE-2007-0906 PHP security issues (CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988)
bugzilla·2007-02-15·CVSS 7.5
CVE-2007-0906 [HIGH] CVE-2007-0906 PHP security issues (CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988)
CVE-2007-0906 PHP security issues (CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988)
Description of problem:
1. If unserializing untrusted data on 64-bit platforms the
zend_hash_init() function can be forced to enter an infinite loop,
consuming CPU resources, for a limited length of time, until the
script timeout alarm aborts the script (CVE-NO-NAME)
2. If a script uses the imap_mail_compose() function to create a new MIME
message based on an input body from an untrusted source, an attacker may be able
to force a heap overflow (CVE-2006-0906)
3. If the format string could passed to one of the functions in the printf()
family could be controlled by an attacker via untrusted data, then an
out-of-bounds memory read could crash the Apache child process (CVE-2006-090
http://secunia.com/advisories/19062http://securitytracker.com/id?1015687http://www.securityfocus.com/archive/1/426197/100/0/threadedhttp://www.securityfocus.com/bid/16853http://www.vupen.com/english/advisories/2006/0757https://exchange.xforce.ibmcloud.com/vulnerabilities/24941http://secunia.com/advisories/19062http://securitytracker.com/id?1015687http://www.securityfocus.com/archive/1/426197/100/0/threadedhttp://www.securityfocus.com/bid/16853http://www.vupen.com/english/advisories/2006/0757https://exchange.xforce.ibmcloud.com/vulnerabilities/24941
2006-02-28
Published