CVE-2006-4118 Information

Description

Multiple SQL injection vulnerabilities in GeheimChaos 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Temp_entered_login or (2) Temp_entered_email parameters to (a) gc.php, and in multiple parameters in (b) include/registrieren.php, possibly involving the (3) $form_email, (4) $form_vorname, (5) $form_nachname, (6) $form_strasse, (7) $form_plzort, (8) $form_land, (9) $form_homepage, (10) $form_bildpfad, (11) $form_profilsichtbar, (12) $Temp_sprache, (13) $form_tag, (14) $form_monat, (15) $form_jahr, (16) $Temp_akt_string, (17) $form_icq, (18) $form_msn, (19) $form_yahoo, (20) $form_username, and (21) $Temp_form_pass variables.

Reference

http://marc.info/?l=full-disclosure&m=115464299914573&w=2
http://secunia.com/advisories/21355
http://securityreason.com/securityalert/1376
http://www.securityfocus.com/archive/1/442209/100/100/threaded
http://www.securityfocus.com/bid/19342
http://www.vupen.com/english/advisories/2006/3154
https://exchange.xforce.ibmcloud.com/vulnerabilities/28221
