Multiple SQL injection vulnerabilities in AnnonceScriptHP 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) email.php, the (2) no parameter in (b) voirannonce.php, the (3) idmembre parameter in (c) admin/admin_membre/fiche_membre.php, and the (4) idannonce parameter in (d) admin/admin_annonce/okvalannonce.php and (e) admin/admin_annonce/changeannonce.php.
References
Configurations
History
No history.
Information
Published : 2006-12-12 00:28
Updated : 2024-02-28 11:01
NVD link : CVE-2006-6478
Mitre link : CVE-2006-6478
CVE.ORG link : CVE-2006-6478
JSON object : View
Products Affected
scriptphp
- annoncescripthp
CWE