CVE-2006-3152 Information
Description
Multiple SQL injection vulnerabilities in phpTRADER 4.9 SP5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sectio parameter in (a) login.php, (b) write_newad.php, (c) newad.php, (d) printad.php, (e) askseller.php, (f) browse.php, (g) showmemberads.php, (h) note_ad.php, (i) abuse.php, (j) buynow.php, and (k) confirm_newad.php; (2) an parameter in (l) printad.php and (m) note_ad.php; (3) who parameter in (n) showmemberads.php; and (4) adnr parameter in (o) buynow.php.
Reference
http://pridels0.blogspot.com/2006/06/phptrader-multiple-sql-injection-vuln.html
http://secunia.com/advisories/20740
http://securitytracker.com/id?1016356
http://www.osvdb.org/26696
http://www.osvdb.org/26697
http://www.osvdb.org/26698
http://www.osvdb.org/26699
http://www.osvdb.org/26700
http://www.osvdb.org/26701
http://www.osvdb.org/26702
http://www.osvdb.org/26703
http://www.osvdb.org/26704
http://www.osvdb.org/26705
http://www.osvdb.org/26706
http://www.securityfocus.com/bid/18468
http://www.vupen.com/english/advisories/2006/2469
https://exchange.xforce.ibmcloud.com/vulnerabilities/27267