CVE-2006-3111 Information

Description

Multiple SQL injection vulnerabilities in main.php in Chipmailer 1.09 allow remote attackers to execute arbitrary SQL commands via multiple parameters as demonstrated by (1) anfang (2) name (3) mail (4) anrede (5) vorname (6) nachname (7) gebtag (8) gebmonat and (9) gebjahr.

Reference

http://marc.info/?l=bugtraq&m=115024576618386&w=2 http://secunia.com/advisories/20643 http://securitytracker.com/id?1016315 http://www.securityfocus.com/bid/18463 http://www.vupen.com/english/advisories/2006/2359 https://exchange.xforce.ibmcloud.com/vulnerabilities/27158