ID: CVE-2006-0942
Type: cve
Reporter: NVD
Modified: 2008-09-05T17:00:37
Description
SQL injection vulnerability in profil.php in PwsPHP 1.2.3, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the aff_news_form parameter, a different vulnerability than CVE-2005-1509.
{"href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0942", "history": [], "references": ["http://downloads.securityfocus.com/vulnerabilities/exploits/PwsPHP_SQL_Inj.php", "http://www.securityfocus.com/bid/16567"], "lastseen": "2016-09-03T06:33:27", "bulletinFamily": "NVD", "title": "CVE-2006-0942", "cpe": ["cpe:/a:pwsphp:pwsphp:1.2.3"], "viewCount": 0, "id": "CVE-2006-0942", "hash": "8197b77e7610d969a12eebec402d8856e40b98630acc70bd5ac84a7f4fb921c8", "description": "SQL injection vulnerability in profil.php in PwsPHP 1.2.3, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the aff_news_form parameter, a different vulnerability than CVE-2005-1509.", "edition": 1, "assessment": {"name": "", "href": "", "system": ""}, "cvelist": ["CVE-2006-0942"], "scanner": [], "modified": "2008-09-05T17:00:37", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "objectVersion": "1.2", "reporter": "NVD", "type": "cve", "published": "2006-02-28T21:02:00", "enchantments": {"vulnersScore": 7.5}}
{"result": {"osvdb": [{"id": "OSVDB:28444", "type": "osvdb", "title": "PwsPHP profil.php aff_news_form Variable Arbitrary SQL Injection", "description": "## Vulnerability Description\nPwsPHP contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'profil.php' script not properly sanitizing user-supplied input to the 'aff_news_form' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPwsPHP contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'profil.php' script not properly sanitizing user-supplied input to the 'aff_news_form' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://www.pwsphp.com/\nGeneric Exploit URL: http://downloads.securityfocus.com/vulnerabilities/exploits/PwsPHP_SQL_Inj.php\n[CVE-2006-0942](https://vulners.com/cve/CVE-2006-0942)\nBugtraq ID: 16567\n", "published": "2006-09-01T17:56:52", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:28444", "cvelist": ["CVE-2006-0942"], "lastseen": "2017-04-28T13:20:24"}], "exploitdb": [{"id": "EDB-ID:27175", "type": "exploitdb", "title": "PwsPHP 1.2.3 Index.PHP SQL Injection Vulnerability", "description": "PwsPHP 1.2.3 Index.PHP SQL Injection Vulnerability. CVE-2006-0942. Webapps exploit for php platform", "published": "2006-02-09T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/27175/", "cvelist": ["CVE-2006-0942"], "lastseen": "2016-02-03T05:16:56"}]}}