Vulnerability Details CVE-2006-6342
Multiple SQL injection vulnerabilities in KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) agent parameters in (a) search_listing.asp, and the (3) property_id parameter in (b) detail.asp.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.2%
CVSS Severity
CVSS v2 Score 7.5
References
- http://securityreason.com/securityalert/1976
- http://www.securityfocus.com/archive/1/452115/100/200/threaded
- http://www.securityfocus.com/bid/21199
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30435
- http://securityreason.com/securityalert/1976
- http://www.securityfocus.com/archive/1/452115/100/200/threaded
- http://www.securityfocus.com/bid/21199
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30435
Products affected by CVE-2006-6342
-
cpe:2.3:a:klf-design:klf-realty:*