CVE-2006-6478 Information

Description

Multiple SQL injection vulnerabilities in AnnonceScriptHP 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) email.php the (2) no parameter in (b) voirannonce.php the (3) idmembre parameter in (c) admin/admin_membre/fiche_membre.php and the (4) idannonce parameter in (d) admin/admin_annonce/okvalannonce.php and (e) admin/admin_annonce/changeannonce.php.

Reference

http://secunia.com/advisories/23318 http://securityreason.com/securityalert/2019 http://www.securityfocus.com/archive/1/453966/100/0/threaded http://www.securityfocus.com/bid/21514 http://www.vupen.com/english/advisories/2006/4940 https://exchange.xforce.ibmcloud.com/vulnerabilities/30803