CVE-2006-5107
published 2006-10-03CVE-2006-5107: Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter in…
PriorityP339high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.09%
61.4th percentile
Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter in admin/forgot_pass.php, (2) the order_id parameter in view_order.php, (3) the view_doc parameter in view_doc.php, and (4) the order_id parameter in admin/print_order.php.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| devellion | cubecart | — | — |
| devellion | cubecart | — | — |
| devellion | cubecart | — | — |
| devellion | cubecart | — | — |
| devellion | cubecart | — | — |
| devellion | cubecart | — | — |
| devellion | cubecart | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
CubeCart 3.0.x - '/admin/print_order.php?order_id' SQL Injection
exploitdb·2006-09-26
CVE-2006-5107 CubeCart 3.0.x - '/admin/print_order.php?order_id' SQL Injection
CubeCart 3.0.x - '/admin/print_order.php?order_id' SQL Injection
---
source: https://www.securityfocus.com/bid/20215/info
CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input.
A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
http://www.example.com/admin/print_order.php?order_id='%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,
27,28,29,30/*
Exploit-DB
CubeCart 3.0.x - 'view_doc.php?view_doc' SQL Injection
exploitdb·2006-09-26
CVE-2006-5107 CubeCart 3.0.x - 'view_doc.php?view_doc' SQL Injection
CubeCart 3.0.x - 'view_doc.php?view_doc' SQL Injection
---
source: https://www.securityfocus.com/bid/20215/info
CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input.
A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
http://www.example.com/view_doc.php?view_doc=-1'%20union%20select%201,2/*
Exploit-DB
CubeCart 3.0.x - 'view_order.php?order_id' SQL Injection
exploitdb·2006-09-26
CVE-2006-5107 CubeCart 3.0.x - 'view_order.php?order_id' SQL Injection
CubeCart 3.0.x - 'view_order.php?order_id' SQL Injection
---
source: https://www.securityfocus.com/bid/20215/info
CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input.
A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
http://www.example.com/view_order.php?order_id='%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2
9,30/*
Exploit-DB
CubeCart 3.0.x - '/admin/forgot_pass.php?user_name' SQL Injection
exploitdb·2006-09-26
CVE-2006-5107 CubeCart 3.0.x - '/admin/forgot_pass.php?user_name' SQL Injection
CubeCart 3.0.x - '/admin/forgot_pass.php?user_name' SQL Injection
---
source: https://www.securityfocus.com/bid/20215/info
CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input.
A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
http://www.example.com/admin/forgot_pass.php?submit=1&user_name=-1'or%201=1/*
http://www.example.com/admin/forgot_pass.php?submit=1&user_name=-1'%20union%20select%201,2,3,4,5,
No writeups or analysis indexed.
http://securityreason.com/securityalert/1662http://www.securityfocus.com/archive/1/447009/100/0/threadedhttp://www.securityfocus.com/bid/20215https://exchange.xforce.ibmcloud.com/vulnerabilities/29176http://securityreason.com/securityalert/1662http://www.securityfocus.com/archive/1/447009/100/0/threadedhttp://www.securityfocus.com/bid/20215https://exchange.xforce.ibmcloud.com/vulnerabilities/29176
2006-10-03
Published