3 matches found
CVE-2006-0668
CVE-2006-0668 describes an SQL injection in the PHP application PwsPHP 1.2.3, specifically via the id parameter in index.php (and possibly in message.php within the espace_membre module). The underlying issue is a lack of input validation/safe query construction, enabling remote attackers to exec...
CVE-2006-0942
CVE-2006-0942 is an SQL injection in profil.php of PwsPHP 1.2.3 (and possibly earlier) that allows remote attackers to execute arbitrary SQL commands through the aff_news_form parameter, a vulnerability distinct from CVE-2005-1509. Connected records confirm the affected software (PwsPHP), vulnera...
CVE-2006-0943
The CVE-2006-0943 issue affects PwsPHP 1.2.3, specifically the sondages module’s index.php. The underlying vulnerability is a SQL injection via the id parameter to index.php, enabling remote attackers to execute arbitrary SQL commands. The available connected records corroborate the same descript...