
CVE-2006-6177

Published: 30/11/2006 Updated: 17/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in system/core/users/users.profile.inc.php in Neocrome Seditio 1.10 and previous versions allows remote authenticated users to execute arbitrary SQL commands via a double-url-encoded id parameter to users.php that begins with a valid filename, as demonstrated by "default.gif" followed by an encoded NULL and ' (apostrophe) (%2500%2527).
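The double-encoding pattern in the summary, seen from the defender's side, as an added example (not code from the advisory or from Seditio): it flags query values that still carry percent-escapes after one decode, and checks the decoded value against an allowlist. The log lines, the `SAFE_NAME` rule and all function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

PCT = re.compile(r"%[0-9A-Fa-f]{2}")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/')
HIDDEN = {"\x00": "NUL byte", "'": "apostrophe"}
# Hypothetical allowlist for an avatar file name; not Seditio's own rule.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.(?:gif|jpg|png)")

def inspect_param(raw_value):
    """Findings for one raw (still-encoded) query value."""
    once = unquote(raw_value)      # what the application sees after the server decodes
    findings = []
    if PCT.search(once):           # escapes survive one decode: value was encoded twice
        twice = unquote(once)
        findings.append("double-encoded")
        for ch, label in HIDDEN.items():
            if ch in twice and ch not in once:
                findings.append("hidden " + label)
    return findings

def is_safe_avatar_id(raw_value):
    """Validate the decoded value as a whole; reject anything needing a second decode."""
    once = unquote(raw_value)
    return not PCT.search(once) and SAFE_NAME.fullmatch(once) is not None

def scan_log(lines):
    """Return (line number, parameter, findings) for each suspicious query value."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        for pair in urlsplit(match.group(1)).query.split("&"):
            name, _, value = pair.partition("=")
            findings = inspect_param(value)
            if findings:
                hits.append((number, name, findings))
    return hits

# Constructed access-log lines (documentation addresses, placeholder token).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Dec/2006:10:00:00 +0000] "GET /users.php?m=profile&a=avatarselect&x=TOKEN&id=default.gif HTTP/1.1" 200 512',
    '192.0.2.99 - - [01/Dec/2006:10:00:05 +0000] "GET /users.php?m=profile&a=avatarselect&x=TOKEN&id=default.gif%2500%2527 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```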

Vulnerable Product

neocrome seditio

Exploits

Seditio <= 1.10 Remote SQL Injection (avatarselect id) Vulnerability
Discovered by: nukedx
Contacts: ICQ: 10072 MSN/Mail: nukedx@nukedx.com web: www.nukedx.com
Original advisory can be found at: www.nukedx.com/?viewdoc=52
----
GET -> www.victim.com/users.php?m=profile&a=avatarselect&x=XVALUE&id=default.gif[SQL ...