CVE-2006-3271
Published 2006-06-28
Priority P3 36 | high | 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.31% (67.1th percentile)
Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parameter in (b) featured_photos.php; (4) cid parameter in (c) products.php, (d) index.php, and (e) news_desc.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| softbizscripts | dating_script | — | — |
GHSA
GHSA-m645-386w-2j36: SQL injection vulnerability in cat_products
ghsa_unreviewed·2022-05-02·CVSS 7.5
CVE-2009-2790 [HIGH] CWE-89 GHSA-m645-386w-2j36: SQL injection vulnerability in cat_products
SQL injection vulnerability in cat_products.php in SoftBiz Dating Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: this might overlap CVE-2006-3271.4.
GHSA
GHSA-cmp6-xw5c-rm8q: Multiple SQL injection vulnerabilities in Softbiz Dating 1
ghsa_unreviewed·2022-05-01
CVE-2006-3271 [HIGH] GHSA-cmp6-xw5c-rm8q: Multiple SQL injection vulnerabilities in Softbiz Dating 1
Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parameter in (b) featured_photos.php; (4) cid parameter in (c) products.php, (d) index.php, and (e) news_desc.php.
No detection rules found.
Exploit-DB
SoftBizScripts Dating Script - SQL Injection
exploitdb·2010-04-28
CVE-2006-3271 SoftBizScripts Dating Script - SQL Injection
---
# Exploit Title: SoftBizScripts Dating Script SQL Injection Vulnerability
# Date: 29-4-2010
# Author: 41.w4r10r
# Vendor Link : http://softbizscripts.com/
# Version: Web Application
# Tested on: Apache/Unix
# CVE : [if exists]
# Dork : inurl:"search_results.php?browse=1"
# Code :
############################################################################
#Greetz to all Andhra Hackers and ICW Members[Indian Cyber Warriors]
#Thanks: SaiSatish,FB1H2S,Godwin_Austin,Micr0,Harin,Jappy,Dark_Blue,sid3^3f3c7
#Shoutz: hg_H@x0r,r45c4l,Yash,Hackuin,unn4m3d
#Catch us at www.andhrahackers.com or www.teamicw.in
############################################################################
Exploited Link :
http://example.com/search_results.php?browse=1'
Exploit-DB
SoftBizScripts Dating Script 1.0 - 'featured_photos.php' SQL Injection
exploitdb·2006-06-22
CVE-2006-3271 SoftBizScripts Dating Script 1.0 - 'featured_photos.php' SQL Injection
---
source: https://www.securityfocus.com/bid/18605/info
Softbiz Dating Script is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
http://www.example.com/featured_photos.php?browse=1[SQL]
Exploit-DB
SoftBizScripts Dating Script 1.0 - 'products.php' SQL Injection
exploitdb·2006-06-22
CVE-2006-3271 SoftBizScripts Dating Script 1.0 - 'products.php' SQL Injection
---
source: https://www.securityfocus.com/bid/18605/info
Softbiz Dating Script is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
http://www.example.com/products.php?cid=1[SQL]
Exploit-DB
SoftBizScripts Dating Script 1.0 - 'index.php' SQL Injection
exploitdb·2006-06-22
CVE-2006-3271 SoftBizScripts Dating Script 1.0 - 'index.php' SQL Injection
---
source: https://www.securityfocus.com/bid/18605/info
Softbiz Dating Script is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
http://www.example.com/index.php?cid=1'[SQL]
Exploit-DB
SoftBizScripts Dating Script 1.0 - 'news_desc.php' SQL Injection
exploitdb·2006-06-22
CVE-2006-3271 SoftBizScripts Dating Script 1.0 - 'news_desc.php' SQL Injection
---
source: https://www.securityfocus.com/bid/18605/info
Softbiz Dating Script is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
http://www.example.com/news_desc.php?id=1[SQL]
No writeups or analysis indexed.
http://secunia.com/advisories/20802
http://securityreason.com/securityalert/1163
http://www.securityfocus.com/archive/1/438245/100/0/threaded
http://www.securityfocus.com/bid/18605
http://www.vupen.com/english/advisories/2006/2512
https://exchange.xforce.ibmcloud.com/vulnerabilities/27383
Published: 2006-06-28