CVE-2006-5945
Published 2006-11-17
CVE-2006-5945: Multiple SQL injection vulnerabilities in MGinternet Car Site Manager (CSM) allow remote attackers to execute arbitrary SQL commands via the (1) p parameter to…
Priority P342 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.27% (66.3th percentile)
Multiple SQL injection vulnerabilities in MGinternet Car Site Manager (CSM) allow remote attackers to execute arbitrary SQL commands via the (1) p parameter to (a) csm/asp/detail.asp, or the (2) l, (3) typ, or (4) loc parameter to (b) csm/asp/listings.asp.
No detection rules found.
Exploit-DB
Car Site Manager - '/csm/asp/detail.asp?p' SQL Injection
exploitdb·2006-11-14
---
source: https://www.securityfocus.com/bid/21066/info
Car Site Manager is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
http://www.example.com/csm/asp/detail.asp?l=&p='[sql]
Exploit-DB
Car Site Manager - '/csm/asp/listings.asp' Multiple SQL Injections
exploitdb·2006-11-14
---
source: https://www.securityfocus.com/bid/21066/info
Car Site Manager is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
http://www.example.com/csm/asp/listings.asp?l='[sql]
http://www.example.com/csm/asp/listings.asp?s=search&typ='[sql]
http://www.example.com/csm/asp/listings.asp?s=search&typ=4&loc='[sql]
No writeups or analysis indexed.
http://s-a-p.ca/index.php?page=OurAdvisories&id=17
http://secunia.com/advisories/22914
http://securityreason.com/securityalert/1876
http://www.securityfocus.com/archive/1/451557/100/0/threaded
http://www.securityfocus.com/bid/21066
http://www.vupen.com/english/advisories/2006/4532
https://exchange.xforce.ibmcloud.com/vulnerabilities/30273
2006-11-17
Published