CVE-2006-2268 Information

Description

SQL injection vulnerability in FlexCustomer 0.0.4 and earlier allows remote attackers to bypass authentication and execute arbitrary SQL commands via the admin and ordinary user interfaces, probably involving the (1) checkuser and (2) checkpass parameters to (a) admin/index.php and the (3) username and (4) password parameters to (b) index.php. NOTE: it was later reported that 0.0.6 is also affected.

Reference

http://secunia.com/advisories/20016
http://securityreason.com/securityalert/858
http://www.osvdb.org/25342
http://www.osvdb.org/25343
http://www.securityfocus.com/archive/1/433125/100/0/threaded
http://www.securityfocus.com/bid/17864
http://www.vupen.com/english/advisories/2006/1690
https://exchange.xforce.ibmcloud.com/vulnerabilities/26323
https://exchange.xforce.ibmcloud.com/vulnerabilities/47651
https://www.exploit-db.com/exploits/7622
