CVE-2006-5236

Published: 11/10/2006 Updated: 14/02/2024
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in search.php in 4images 1.7.x allows remote authenticated users to execute arbitrary SQL commands via the search_user parameter.

Vulnerable Product

4homepages 4images 1.7.3

4homepages 4images 1.7.1

Exploits

#!/usr/bin/php <?php /* 4images 17x Remote SQL Injection Vulnerability Usage: php filephp [host] [path] [table prefix] [user id] Googledork "powered by 4images 17x" Vulnerability: Disfigure Research: h3llfyr3 Coding: Synsta PoC: <target>/<4images_dir>/searchphp?search_user=x%2527%20union%20select%20user_password%20from%204 ...
# Exploit Title: 4images 171 Remote SQL Injection Vulnerability # Date: 20-12-2009 # Author: Master Mind # Version: 171 # CVE : [N/A] ============================================================= ~ Script Name : 4images 171 ~ Language : php ~ Author : Master Mind ~ Home : wwwshdowskillcom , wwwvbspiderscom ============================== ...