Multiple SQL injection vulnerabilities in vehiclelistings.asp in 20/20 Auto Gallery allow remote attackers to execute arbitrary SQL commands via the (1) vehicleID, (2) categoryID_list, (3) sale_type, (4) stock_number, (5) manufacturer, (6) model, (7) vehicleID, (8) year, (9) vin, and (10) listing_price parameters.
References
Configurations
History
14 Feb 2024, 01:17
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://s-a-p.ca/index.php?page=OurAdvisories&id=38 - URL Repurposed |
Information
Published : 2006-11-24 18:07
Updated : 2024-02-28 11:01
NVD link : CVE-2006-6092
Mitre link : CVE-2006-6092
CVE.ORG link : CVE-2006-6092
JSON object : View
Products Affected
20_20_applications
- 20_20_auto_gallery
CWE