Vulnerability Details CVE-2006-1849
Multiple SQL injection vulnerabilities in members_only/index.cgi in xFlow 5.46.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) position and (2) id parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.6%
CVSS Severity
CVSS v2 Score 7.5
References
- http://pridels0.blogspot.com/2006/04/xflow-v5x-multiple-vuln.html
- http://secunia.com/advisories/19707
- http://www.securityfocus.com/bid/17614
- http://www.vupen.com/english/advisories/2006/1412
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25853
- http://pridels0.blogspot.com/2006/04/xflow-v5x-multiple-vuln.html
- http://secunia.com/advisories/19707
- http://www.securityfocus.com/bid/17614
- http://www.vupen.com/english/advisories/2006/1412
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25853
Products affected by CVE-2006-1849
-
cpe:2.3:a:skymarx_solutions:xflow:*