CVE-2006-6092 Information

Feb 14, 2021 cve

Description

Multiple SQL injection vulnerabilities in vehiclelistings.asp in 20/20 Auto Gallery allow remote attackers to execute arbitrary SQL commands via the (1) vehicleID (2) categoryID_list (3) sale_type (4) stock_number (5) manufacturer (6) model (7) vehicleID (8) year (9) vin and (10) listing_price parameters.

Reference

http://s-a-p.ca/index.php?page=OurAdvisories&id=38 http://secunia.com/advisories/22974 http://securityreason.com/securityalert/1916 http://www.securityfocus.com/archive/1/451947/100/100/threaded http://www.securityfocus.com/bid/21154 http://www.vupen.com/english/advisories/2006/4601 https://exchange.xforce.ibmcloud.com/vulnerabilities/30400

Share on: