CVE-2006-3135 Information

Description

Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter in the (a) news module; (2) searchstring parameter in (b) the search module; (3) id parameter in (c) the webshop module; (4) username parameter in (d) index.php; and (5) Name, (6) Address, (7) Zip, (8) City, (9) Country, and (10) Email fields during (e) a user profile update.

Reference

http://secunia.com/advisories/20589
http://secunia.com/secunia_research/2006-52/advisory/
http://securityreason.com/securityalert/1236
http://www.osvdb.org/27139
http://www.osvdb.org/27140
http://www.osvdb.org/27141
http://www.osvdb.org/27142
http://www.osvdb.org/27143
http://www.vupen.com/english/advisories/2006/2783
https://exchange.xforce.ibmcloud.com/vulnerabilities/27712
