CVE-2006-3823
Published: 2006-07-25
Priority: P4 · 32 · medium
CVSS 2.0: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploit: available (see Exploit-DB entries below)
EPSS: 1.86% (76.6th percentile)
SQL injection vulnerability in index.php in GeodesicSolutions (1) GeoAuctions Premier 2.0.3 and (2) GeoClassifieds Basic 2.0.3 allows remote attackers to execute arbitrary SQL commands via the b parameter.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| geodesicsolutions | geoauctions_premier | — | — |
| geodesicsolutions | geoclassifieds_basic | — | — |
| geodesicsolutions | geocore_max | — | — |
GHSA
GHSA-cj67-w5rj-88rh: Multiple SQL injection vulnerabilities in register (CVE-2014-3871, MEDIUM, CWE-89)
ghsa_unreviewed · 2022-05-17 · CVSS 5.1
Multiple SQL injection vulnerabilities in register.php in Geodesic Solutions GeoCore MAX 7.3.3 (formerly GeoClassifieds and GeoAuctions) allow remote attackers to execute arbitrary SQL commands via the (1) c[password] or (2) c[username] parameter. NOTE: the b parameter to index.php vector is already covered by CVE-2006-3823.
GHSA
GHSA-4ch2-c55v-gqqf: SQL injection vulnerability in index (CVE-2006-3823, MEDIUM, CWE-89)
ghsa_unreviewed · 2022-05-01
SQL injection vulnerability in index.php in GeodesicSolutions (1) GeoAuctions Premier 2.0.3 and (2) GeoClassifieds Basic 2.0.3 allows remote attackers to execute arbitrary SQL commands via the b parameter.
No detection rules found.
Exploit-DB
GeoCore MAX DB Ver. 7.3.3 - Blind SQL Injection (CVE-2014-3871)
exploitdb · 2014-04-28
---
###########################################################################################
#Exploit Title: GeoCore MAX DB Ver. 7.3.3 - Time-Based Blind Injection
#Official site: http://geodesicsolutions.com
#Risk Level: High
#Vendor : http://geodesicsolutions.com
#Exploit Author: Esac
#Homepage author : www.iss4m.ma
#Last Checked: 25/04/2014
###########################################################################################
+----------+
| OVERVIEW |
+----------+
GeoCore is the new name for all Geodesic Solutions software packages beginning with version 7.0.0.
The products previously known as:
GeoClassAuctions Enterprise
GeoClassifieds Enterprise
GeoClassifieds Premier
GeoClassifieds Basic
GeoAuctions Enterprise
GeoAuctions
Exploit-DB
Geodesic Solutions (Multiple Products) - 'index.php?b' SQL Injection (CVE-2006-3823)
exploitdb · 2006-07-20
---
source: https://www.securityfocus.com/bid/19093/info
GeodesicSolutions products are prone to multiple SQL-injection vulnerabilities because the applications fail to properly sanitize user-supplied input before using it in an SQL query.
A successful attack could allow an attacker to compromise the software, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Note that these vulnerabilities occur only when the 'accumulative feedback' feature is turned on.
http://www.example.com/GeoAuctions/index.php?a=2&b=[SQL]
No writeups or analysis indexed.
References
http://osvdb.org/show/osvdb/106367
http://packetstormsecurity.com/files/126329/GeoCore-MAX-DB-7.3.3-Blind-SQL-Injection.html
http://secunia.com/advisories/21340
http://secunia.com/advisories/58308
http://www.exploit-db.com/exploits/33075
http://www.packetstormsecurity.org/0607-exploits/geoauctionsSQL.txt
http://www.securityfocus.com/bid/19093
http://www.securityfocus.com/bid/67078
http://www.vupen.com/english/advisories/2006/3132