CVE-2006-3292 Information

Description

SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows remote attackers to execute arbitrary SQL commands via queries with the \LIKE\ keyword in the searchdata parameter (search field).

Reference

http://retrogod.altervista.org/JAWS_062_sql.html http://secunia.com/advisories/20842 http://securityreason.com/securityalert/1165 http://www.jaws-project.com/index.php?blog/show/29 http://www.securityfocus.com/archive/1/438434/100/0/threaded http://www.securityfocus.com/bid/18665 http://www.vupen.com/english/advisories/2006/2546 https://exchange.xforce.ibmcloud.com/vulnerabilities/27334