Vulnerability Details CVE-2006-2911
SQL injection vulnerability in controlpanel/index.php in CMS Mundo before 1.0 build 008 allows remote attackers to execute arbitrary SQL commands via the username parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.6%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/20362
- http://secunia.com/secunia_research/2006-43/advisory/
- http://securitytracker.com/id?1016311
- http://www.osvdb.org/26464
- http://www.securityfocus.com/archive/1/437183/100/200/threaded
- http://www.securityfocus.com/bid/18451
- http://www.vupen.com/english/advisories/2006/2348
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27093
- http://secunia.com/advisories/20362
- http://secunia.com/secunia_research/2006-43/advisory/
- http://securitytracker.com/id?1016311
- http://www.osvdb.org/26464
- http://www.securityfocus.com/archive/1/437183/100/200/threaded
- http://www.securityfocus.com/bid/18451
- http://www.vupen.com/english/advisories/2006/2348
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27093
Products affected by CVE-2006-2911
-
cpe:2.3:a:hotwebscripts:cms_mundo:1.0
-
cpe:2.3:a:hotwebscripts:cms_mundo:1.0_build_007