Vulnerability Details CVE-2006-3135
Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter in the (a) news module, (2) searchstring parameter in (b) the search module, (3) id parameter in (c) the webshop module, (4) username parameter in (d) index.php, and (5) Name, (6) Address, (7) Zip, (8) City, (9) Country, and (10) Email fields during (e) a user profile update.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.022
EPSS Ranking 83.8%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/20589
- http://secunia.com/secunia_research/2006-52/advisory/
- http://securityreason.com/securityalert/1236
- http://www.osvdb.org/27139
- http://www.osvdb.org/27140
- http://www.osvdb.org/27141
- http://www.osvdb.org/27142
- http://www.osvdb.org/27143
- http://www.vupen.com/english/advisories/2006/2783
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27712
- http://secunia.com/advisories/20589
- http://secunia.com/secunia_research/2006-52/advisory/
- http://securityreason.com/securityalert/1236
- http://www.osvdb.org/27139
- http://www.osvdb.org/27140
- http://www.osvdb.org/27141
- http://www.osvdb.org/27142
- http://www.osvdb.org/27143
- http://www.vupen.com/english/advisories/2006/2783
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27712
Products affected by CVE-2006-3135
-
cpe:2.3:a:hotwebscripts:cms_mundo:1.0_build_008