CVE-2006-5287 Information

Description

Multiple SQL injection vulnerabilities in sign.php in Xeobook 0.93 allow remote attackers to execute arbitrary SQL commands via (1) the User-Agent HTTP header or the (2) gb_entry_text, (3) gb_location, (4) gb_fullname, or (5) gb_sex parameters.

Reference

http://marc.info/?l=full-disclosure&m=116062281632705&w=2
http://www.securityfocus.com/archive/1/448425/100/0/threaded
http://www.securityfocus.com/bid/20476
https://exchange.xforce.ibmcloud.com/vulnerabilities/29478
