EV0102.txt

🗓️ 01 Apr 2006 00:00:00Reported by Aliaksandr HartsuyeuType

packetstorm🔗 packetstormsecurity.com👁 29 Views

New eVuln Advisory: Maian Events SQL Injection Vulnerability. Vulnerable script: events.php. Critical Level: Moderate. Type: SQL Injection. Developer(s) contacted. PoC/Exploit available at: http://evuln.com/vulns/102/exploit.htm

Reporter	Title	Published	Views	Family All 6
CVE	CVE-2006-1341	21 Mar 200602:00	–	cve
Cvelist	CVE-2006-1341	21 Mar 200602:00	–	cvelist
EUVD	EUVD-2006-1345	7 Oct 202500:30	–	euvd
NVD	CVE-2006-1341	21 Mar 200602:06	–	nvd
Prion	Sql injection	21 Mar 200602:06	–	prion
securityvulns	[eVuln] Maian Events SQL Injection Vulnerability	29 Mar 200600:00	–	securityvulns

`New eVuln Advisory:  
Maian Events SQL Injection Vulnerability  
http://evuln.com/vulns/102/summary.html  
  
--------------------Summary----------------  
eVuln ID: EV0102  
CVE: CVE-2006-1341  
Software: Maian Events  
Sowtware's Web Site: http://www.maianscriptworld.co.uk/  
Versions: 1.0  
Critical Level: Moderate  
Type: SQL Injection  
Class: Remote  
Status: Unpatched. Developer(s) contacted.  
PoC/Exploit: Available  
Solution: Not Available  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
  
-----------------Description---------------  
Vulnerable script: events.php  
  
Parameters month, year are not properly sanitized before being used in SQL queries. This can be used to make any SQL query by injecting arbitrary SQL code.  
  
Condition: magic_quotes_gpc = off  
  
--------------PoC/Exploit----------------------  
Available at: http://evuln.com/vulns/102/exploit.html  
  
  
http://[host]/menu.php?month=4&year=2006% 20or%201/*  
  
--------------Solution---------------------  
No Patch available.  
  
--------------Credit-----------------------  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
  
  
Regards,  
Aliaksandr Hartsuyeu  
http://evuln.com - Penetration Testing Services  
.  
`

01 Apr 2006 00:00Current

6.7Medium risk

Vulners AI Score6.7

EPSS0.01112