Published: 26/01/2006 Updated: 19/10/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.1 allows remote malicious users to execute arbitrary SQL commands via the (1) par parameter in the post function on the forum page and possibly the (2) poll_id parameter on the poll page. NOTE: the poll_id vector can also allow resultant cross-site scripting (XSS) from an unquoted error message for invalid SQL syntax.

Vulnerable Product	Search on Vulmon	Subscribe to Product
phpclanwebsite phpclanwebsite 1.23.1

#!perl #Phpclanwebsite 1231 SQL injection exploit by matrix_killer #Greets to all omega-team members[and specially to EcLiPsE] and also to h4cky0u[h4cky0uorg], Alpha-Fan, Chameleon and all my friends #The exploit was tested on phpclan's website and it worked + my local server and on ra4evcom #But on versions below 1231 it doesn't seem to work ...

NVD-CWE-Other http://www.h4cky0u.org/advisories/HYSA-2006-002-phpclan.txt http://secunia.com/advisories/18597 http://www.securityfocus.com/bid/16391 http://www.osvdb.org/22720 http://www.osvdb.org/22722 http://www.vupen.com/english/advisories/2006/0342 https://exchange.xforce.ibmcloud.com/vulnerabilities/24355 http://www.securityfocus.com/archive/1/423145/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/1453/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-0444

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect