CVE-2006-1481 Information

Description

SQL injection vulnerability in search.php in PHP Ticket 0.71 allows remote authenticated users to execute arbitrary SQL commands and obtain usernames and passwords via the frm_search_in parameter.

Reference

http://secunia.com/advisories/19412 http://www.securityfocus.com/bid/17229 http://www.vupen.com/english/advisories/2006/1106 https://exchange.xforce.ibmcloud.com/vulnerabilities/25436 https://www.exploit-db.com/exploits/1609