CVE-2006-3330 Information

Description

Cross-site scripting (XSS) vulnerability in AddAsset1.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the (1) ProductName (\Title\ field) (2) url and (3) Description parameters possibly related to issues in add1.php.

Reference

http://secunia.com/advisories/20880 http://securityreason.com/securityalert/1179 http://securitytracker.com/id?1016407 http://www.securityfocus.com/archive/1/438667/100/0/threaded http://www.securityfocus.com/bid/18713 http://www.securityfocus.com/bid/18717 http://www.vupen.com/english/advisories/2006/2589 https://exchange.xforce.ibmcloud.com/vulnerabilities/27454 Cross-site scripting (XSS) vulnerability in AddAsset1.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the (1) ProductName (\Title
field) (2) url and (3) Description parameters possibly related to issues in add1.php.