CVE-2006-1930 Information

Description

LICENSE README.md cvefilelist cvelist nvdcve nvdpages.sh scripts test-CVE-2017-1882.markdown test-CVE-2017-18822.markdown tmpvendorlinks DISPUTED LICENSE README.md cvefilelist cvelist nvdcve nvdpages.sh scripts test-CVE-2017-1882.markdown test-CVE-2017-18822.markdown tmpvendorlinks Multiple SQL injection vulnerabilities in userscript.php in Green Minute 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) huserid (2) pituus or (3) date parameters. NOTE: this issue has been disputed by the vendor saying \those parameters mentioned ARE checked (preg_match) before they are used in SQL-query… If someone decided to add SQL-injection stuff to certain parameter they would see an error text but only because nothing was passed inside that parameter (to MySQL-database).\ As allowed by the vendor CVE investigated this report on 20060525 and found that the demo site demonstrated a non-sensitive SQL error when given standard SQL injection manipulations.

Reference

http://hoito.org/en/products/ http://osvdb.org/ref/25/25207-dispute.txt http://pridels0.blogspot.com/2006/04/green-minute-sql-inj-vuln.html http://www.osvdb.org/25207 https://exchange.xforce.ibmcloud.com/vulnerabilities/25942