CVE-2006-3135
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 13/07/2006
Last modified: 03/04/2025
Description
Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter in the (a) news module, (2) searchstring parameter in (b) the search module, (3) id parameter in (c) the webshop module, (4) username parameter in (d) index.php, and (5) Name, (6) Address, (7) Zip, (8) City, (9) Country, and (10) Email fields during (e) a user profile update.
Impact
Base Score 2.0: 7.50
Severity 2.0: HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:hotwebscripts:cms_mundo:1.0_build_008:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/20589
- http://secunia.com/secunia_research/2006-52/advisory/
- http://securityreason.com/securityalert/1236
- http://www.osvdb.org/27139
- http://www.osvdb.org/27140
- http://www.osvdb.org/27141
- http://www.osvdb.org/27142
- http://www.osvdb.org/27143
- http://www.vupen.com/english/advisories/2006/2783
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27712