CVE-2006-1706
Published 2006-04-11
Priority: P3 38 | high | 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.27% (80.9th percentile)
Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) login.php and (b) memo.php; and the (2) itemgr, (3) brandID, and (4) album parameters to (c) index.php. NOTE: this issue also produces resultant full path disclosure from invalid SQL queries.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kansok_communications | shopweezle | — | — |
| kansok_communications | shopweezle | — | — |
| kansok_communications | shopweezle | — | — |
| kansok_communications | shopweezle | — | — |
No detection rules found.
Exploit-DB
ShopWeezle 2.0 - 'memo.php?itemID' SQL Injection
exploitdb·2006-04-10
---
source: https://www.securityfocus.com/bid/17441/info
ShopWeezle is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
http://www.example.com/memo.php?itemID=1[SQL]
Exploit-DB
ShopWeezle 2.0 - 'login.php?itemID' SQL Injection
exploitdb·2006-04-10
---
source: https://www.securityfocus.com/bid/17441/info
ShopWeezle is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
http://www.example.com/login.php?caller=xlink&url=detail.php&itemID=1[SQL]
Exploit-DB
ShopWeezle 2.0 - 'index.php' Multiple SQL Injections
exploitdb·2006-04-10
---
source: https://www.securityfocus.com/bid/17441/info
ShopWeezle is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
http://www.example.com/index.php?x=0&itemgr=1[SQL]
http://www.example.com/index.php?caller=xlink&url=brand.php&brandID=1[SQL]
http://www.example.com/index.php?x=0&caller=xlink&url=gallery.php&album=1[SQL]
No writeups or analysis indexed.
References
http://pridels0.blogspot.com/2006/04/shopweezle-20-multiple-vuln.html
http://secunia.com/advisories/19593
http://www.osvdb.org/24470
http://www.osvdb.org/24471
http://www.osvdb.org/24472
http://www.osvdb.org/24473
http://www.securityfocus.com/bid/17441
http://www.vupen.com/english/advisories/2006/1291
https://exchange.xforce.ibmcloud.com/vulnerabilities/25723
https://exchange.xforce.ibmcloud.com/vulnerabilities/25724
Published: 2006-04-11