CVE-2006-6177

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
30/11/2006
Last modified:
09/04/2025

Description

SQL injection vulnerability in system/core/users/users.profile.inc.php in Neocrome Seditio 1.10 and earlier allows remote authenticated users to execute arbitrary SQL commands via a double-url-encoded id parameter to users.php that begins with a valid filename, as demonstrated by "default.gif" followed by an encoded NULL and ' (apostrophe) (%2500%2527).

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:neocrome:seditio:*:*:*:*:*:*:*:* 1.10 (including)