CVE-2006-6215
published 2006-12-01CVE-2006-6215: Multiple SQL injection vulnerabilities in Wallpaper Website (Wallpaper Complete Website) 1.0.09 and earlier allow remote attackers to execute arbitrary SQL…
PriorityP335high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
1.06%
60.4th percentile
Multiple SQL injection vulnerabilities in Wallpaper Website (Wallpaper Complete Website) 1.0.09 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameter to (a) process.php, or the (3) wallpaperid parameter to (b) dlwallpaper.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wallpaper | wallpaper_complete_website | <= 1.0.09 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6215 [HIGH] ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid UPDATE
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid UPDATE"; flow:established,to_server; http.uri; content:"/dlwallpaper.php?"; nocase; content:"wallpaperid="; nocase; content:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/i"; reference:cve,CVE-2006-6215; reference:url,www.frsirt.com/english/advisories/2006/4687; classtype:web-application-attack; sid:2006992; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tac
Suricata
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6215 [HIGH] ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login DELETE
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login DELETE"; flow:established,to_server; http.uri; content:"/process.php?"; nocase; content:"login="; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2006-6215; reference:url,www.frsirt.com/english/advisories/2006/4687; classtype:web-application-attack; sid:2006978; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_03, mitre_tactic_id TA0001, mitr
Suricata
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6215 [HIGH] ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login INSERT
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login INSERT"; flow:established,to_server; http.uri; content:"/process.php?"; nocase; content:"login="; nocase; content:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/i"; reference:cve,CVE-2006-6215; reference:url,www.frsirt.com/english/advisories/2006/4687; classtype:web-application-attack; sid:2006977; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_n
Suricata
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6215 [HIGH] ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid UNION SELECT
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid UNION SELECT"; flow:established,to_server; http.uri; content:"/dlwallpaper.php?"; nocase; content:"wallpaperid="; nocase; content:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/i"; reference:cve,CVE-2006-6215; reference:url,www.frsirt.com/english/advisories/2006/4687; classtype:web-application-attack; sid:2006988; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09
Suricata
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6215 [HIGH] ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login UNION SELECT
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login UNION SELECT"; flow:established,to_server; http.uri; content:"/process.php?"; nocase; content:"login="; nocase; content:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/i"; reference:cve,CVE-2006-6215; reference:url,www.frsirt.com/english/advisories/2006/4687; classtype:web-application-attack; sid:2006976; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, m
Suricata
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6215 [HIGH] ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password SELECT
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password SELECT"; flow:established,to_server; http.uri; content:"/process.php?"; nocase; content:"password="; nocase; content:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/i"; reference:cve,CVE-2006-6215; reference:url,www.frsirt.com/english/advisories/2006/4687; classtype:web-application-attack; sid:2006981; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre
Suricata
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6215 [HIGH] ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login UPDATE
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login UPDATE"; flow:established,to_server; http.uri; content:"/process.php?"; nocase; content:"login="; nocase; content:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/i"; reference:cve,CVE-2006-6215; reference:url,www.frsirt.com/english/advisories/2006/4687; classtype:web-application-attack; sid:2006980; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_na
Suricata
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6215 [HIGH] ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid SELECT
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid SELECT"; flow:established,to_server; http.uri; content:"/dlwallpaper.php?"; nocase; content:"wallpaperid="; nocase; content:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/i"; reference:cve,CVE-2006-6215; reference:url,www.frsirt.com/english/advisories/2006/4687; classtype:web-application-attack; sid:2006987; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_ta
Suricata
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2006-6215 [HIGH] ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login ASCII
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login ASCII"; flow:established,to_server; http.uri; content:"/process.php?"; nocase; content:"login="; nocase; content:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/i"; reference:cve,CVE-2006-6215; reference:url,www.frsirt.com/english/advisories/2006/4687; classtype:web-application-attack; sid:2006979; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_n
Suricata
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2006-6215 [HIGH] ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password ASCII
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password ASCII"; flow:established,to_server; http.uri; content:"/process.php?"; nocase; content:"password="; nocase; content:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/i"; reference:cve,CVE-2006-6215; reference:url,www.frsirt.com/english/advisories/2006/4687; classtype:web-application-attack; sid:2006985; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre
Suricata
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6215 [HIGH] ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password DELETE
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password DELETE"; flow:established,to_server; http.uri; content:"/process.php?"; nocase; content:"password="; nocase; content:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/i"; reference:cve,CVE-2006-6215; reference:url,www.frsirt.com/english/advisories/2006/4687; classtype:web-application-attack; sid:2006984; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre
Suricata
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6215 [HIGH] ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password INSERT
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password INSERT"; flow:established,to_server; http.uri; content:"/process.php?"; nocase; content:"password="; nocase; content:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/i"; reference:cve,CVE-2006-6215; reference:url,www.frsirt.com/english/advisories/2006/4687; classtype:web-application-attack; sid:2006983; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre
Suricata
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6215 [HIGH] ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password UPDATE
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password UPDATE"; flow:established,to_server; http.uri; content:"/process.php?"; nocase; content:"password="; nocase; content:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/i"; reference:cve,CVE-2006-6215; reference:url,www.frsirt.com/english/advisories/2006/4687; classtype:web-application-attack; sid:2006986; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_
Suricata
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6215 [HIGH] ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login SELECT
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login SELECT"; flow:established,to_server; http.uri; content:"/process.php?"; nocase; content:"login="; nocase; content:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/i"; reference:cve,CVE-2006-6215; reference:url,www.frsirt.com/english/advisories/2006/4687; classtype:web-application-attack; sid:2006975; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_n
Suricata
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6215 [HIGH] ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid DELETE
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid DELETE"; flow:established,to_server; http.uri; content:"/dlwallpaper.php?"; nocase; content:"wallpaperid="; nocase; content:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/i"; reference:cve,CVE-2006-6215; reference:url,www.frsirt.com/english/advisories/2006/4687; classtype:web-application-attack; sid:2006990; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_ta
Suricata
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2006-6215 [HIGH] ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid ASCII
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid ASCII"; flow:established,to_server; http.uri; content:"/dlwallpaper.php?"; nocase; content:"wallpaperid="; nocase; content:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/i"; reference:cve,CVE-2006-6215; reference:url,www.frsirt.com/english/advisories/2006/4687; classtype:web-application-attack; sid:2006991; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_ta
Suricata
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6215 [HIGH] ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password UNION SELECT
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password UNION SELECT"; flow:established,to_server; http.uri; content:"/process.php?"; nocase; content:"password="; nocase; content:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/i"; reference:cve,CVE-2006-6215; reference:url,www.frsirt.com/english/advisories/2006/4687; classtype:web-application-attack; sid:2006982; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id
Suricata
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6215 [HIGH] ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid INSERT
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid INSERT"; flow:established,to_server; http.uri; content:"/dlwallpaper.php?"; nocase; content:"wallpaperid="; nocase; content:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/i"; reference:cve,CVE-2006-6215; reference:url,www.frsirt.com/english/advisories/2006/4687; classtype:web-application-attack; sid:2006989; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_ta
No public exploits indexed.
No writeups or analysis indexed.
2006-12-01
Published