CVE-2006-6177
published 2006-11-30
Priority: P434, high, 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.63% (73.3th percentile)
SQL injection vulnerability in system/core/users/users.profile.inc.php in Neocrome Seditio 1.10 and earlier allows remote authenticated users to execute arbitrary SQL commands via a double-url-encoded id parameter to users.php that begins with a valid filename, as demonstrated by "default.gif" followed by an encoded NULL and ' (apostrophe) (%2500%2527).
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| neocrome | seditio | <= 1.10 | — |
GHSA
GHSA-m9v9-g9g4-r286: SQL injection vulnerability in system/core/users/users
ghsa_unreviewed·2022-05-01
CVE-2006-6177 [HIGH] GHSA-m9v9-g9g4-r286: SQL injection vulnerability in system/core/users/users
GHSA
GHSA-c2v6-5m74-mfqp: Multiple unspecified vulnerabilities in Neocrome Seditio 1
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2006-6344 [HIGH] GHSA-c2v6-5m74-mfqp: Multiple unspecified vulnerabilities in Neocrome Seditio 1
Multiple unspecified vulnerabilities in Neocrome Seditio 1.10 and earlier have unknown impact and attack vectors related to (1) plugins/ipsearch/ipsearch.admin.php, and (2) pfs/pfs.edit.inc.php, (3) users/users.register.inc.php in system/core. NOTE: the users.profile.inc.php vector is identified by CVE-2006-6177. NOTE: these issues might be related to SQL injection.
http://secunia.com/advisories/23054
http://securityreason.com/securityalert/1931
http://www.neocrome.net/page.php?id=2233
http://www.nukedx.com/?getxpl=52
http://www.nukedx.com/?viewdoc=52
http://www.securityfocus.com/archive/1/452269/100/100/threaded
http://www.vupen.com/english/advisories/2006/4668
https://exchange.xforce.ibmcloud.com/vulnerabilities/30466
Published: 2006-11-30