PRIOn knowledge basePRION:CVE-2006-1237

HistoryMar 15, 2006 - 4:06 p.m.

Sql injection

2006-03-1516:06:00

PRIOn knowledge base

www.prio-n.com

9.2 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

83.0%

JSON

Multiple SQL injection vulnerabilities in DSNewsletter 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the email parameter to (1) include/sub.php, (2) include/confirm.php, or (3) include/unconfirm.php.

CPENameOperatorVersion
dsnewslettereq1.0

CPE	Name	Operator	Version
	dsnewsletter	eq	1.0

References

evuln.com/vulns/97/summary.html

secunia.com/advisories/19207

securityreason.com/securityalert/623

securitytracker.com/id?1015757

www.osvdb.org/23883

www.osvdb.org/23884

www.osvdb.org/23885

www.securityfocus.com/archive/1/428664/100/0/threaded

www.securityfocus.com/bid/17111

www.vupen.com/english/advisories/2006/0931

exchange.xforce.ibmcloud.com/vulnerabilities/25188