{"id": "EDB-ID:28125", "type": "exploitdb", "bulletinFamily": "exploit", "title": "PHPClassifieds.Info Multiple Input Validation Vulnerabilities", "description": "PHPClassifieds.Info Multiple Input Validation Vulnerabilities. CVE-2006-3329. Webapps exploit for php platform", "published": "2006-06-28T00:00:00", "modified": "2006-06-28T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/28125/", "reporter": "Luny", "references": [], "cvelist": ["CVE-2006-3329"], "lastseen": "2016-02-03T07:28:38", "viewCount": 2, "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2016-02-03T07:28:38", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-3329"]}, {"type": "osvdb", "idList": ["OSVDB:26923"]}], "modified": "2016-02-03T07:28:38", "rev": 2}, "vulnersScore": 6.8}, "sourceHref": "https://www.exploit-db.com/download/28125/", "sourceData": "source: http://www.securityfocus.com/bid/18713/info\r\n\r\nThe 'phpclassifieds.info' product is prone to multiple input-validation vulnerabilities. The issues include HTML- and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. \r\n\r\nSuccessful exploits of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, control how the site is rendered to the user, or exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.\r\n\r\nhttp://www.example.com/search.php?rate=[sql]", "osvdbidlist": ["26923"]}

{"cve": [{"lastseen": "2020-10-03T11:48:16", "description": "SQL injection vulnerability in search.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the rate parameter.", "edition": 3, "cvss3": {}, "published": "2006-06-30T23:05:00", "title": "CVE-2006-3329", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3329"], "modified": "2018-10-18T16:46:00", "cpe": ["cpe:/a:deltascripts:php_classifieds:6.04"], "id": "CVE-2006-3329", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3329", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:deltascripts:php_classifieds:6.04:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:23", "bulletinFamily": "software", "cvelist": ["CVE-2006-3329"], "edition": 1, "description": "## Manual Testing Notes\nhttp://[target]/search.php?rate=[sql]\n## References:\n[Secunia Advisory ID:20880](https://secuniaresearch.flexerasoftware.com/advisories/20880/)\n[Related OSVDB ID: 26922](https://vulners.com/osvdb/OSVDB:26922)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0618.html\nISS X-Force ID: 27453\n[CVE-2006-3329](https://vulners.com/cve/CVE-2006-3329)\nBugtraq ID: 18713\n", "modified": "2006-06-28T06:19:14", "published": "2006-06-28T06:19:14", "href": "https://vulners.com/osvdb/OSVDB:26923", "id": "OSVDB:26923", "type": "osvdb", "title": "PHP/MySQL Classifieds (PHP Classifieds) search.php rate Variable SQL Injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}