Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2006-2827

EPSS 0.78% · P74
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2006-2827

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via the "Search for pattern" field, when the settings specify only "Search in Detailed description" and "Search also in ISBN." NOTE: the vendor disputed this issue in a comment on the original researcher's blog, saying "the bug does not impose any security threat and remote attackers can't add, modify, or delete information in the back-end database by sending specially-crafted SQL statements to the search.php script using various search parameters." As of 20060605, the original blog entry is unavailable, although ISS also reports the same dispute. CVE has not been able to investigate this issue further, although the researcher sometimes makes inaccurate claims
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
X-Cart Gold/Pro/X-Cart search.php SQL注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
** 争议 ** X-Cart Gold和Pro 4.0.18、X-Cart 4.1.0 beta 1中的search.php存在SQL注入漏洞,远程攻击者可通过当设置指定只"在详细描述中搜索"和"也在ISBN内搜索"时的"搜索模式"字段,来执行任意SQL命令。 注:厂商在初始研究者的博克上发布评论对此问题提出争议,指出"此问题不会产生任何安全威胁,远程攻击者不能通过发送特制SQL语句给使用各种搜索参数的search.php来添加、修改或删除后台数据库的信息。"至20060605其,原始博克内容不可访问,
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2006-2827

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2006-2827

登录查看更多情报信息。

Same Patch Batch · n/a · 2006-06-05 · 26 CVEs total

CVE-2006-2814iShopCart 多个远程安全漏洞
CVE-2006-2826phpRPC库 rpc_decoder.php文件 输入验证漏洞
CVE-2006-2825cPanel PHP open_basedir配置指令 权限许可和访问控制漏洞
CVE-2006-2824Logicalware MailManager 数据流"0xc8 0x27" 权限许可和访问控制漏洞
CVE-2006-2823Katrien De Graeve a.shopKart web根目录 信息泄露漏洞
CVE-2006-2822Dusan Drobac CodeAvalanche FreeForum (CAForum) admin/default.asp SQL注入漏洞
CVE-2006-2821DeltaScripts PHP Pro Publish多个跨站脚本攻击漏洞
CVE-2006-2820HotWebScripts.com Weblog Oggi 跨站脚本攻击(XSS)漏洞
CVE-2006-2819Barnraiser Igloo Wiki.php 在PHP远程文件包含漏洞
CVE-2006-2818Cameron McKay Informium common-menu.php PHP远程文件包含漏洞
CVE-2006-2817Tekno.Portal Bolum.PHP SQL注入漏洞
CVE-2006-2816CoolPHP Index.PHP 跨站脚本攻击漏洞
CVE-2006-2815Two Shoes M-Factory (TSMF) SimpleBoard Stable 多个跨站脚本攻击(XSS)漏洞
CVE-2006-2828PHP-Nuke 多个全局变量重写漏洞
CVE-2006-2813IShopCart Easy-Scart.CGI 目录遍历漏洞
CVE-2006-2812Dominios Europa PICRATE index.php 多个跨站脚本攻击(XSS)漏洞
CVE-2006-2811Ovidentia 多个输入验证漏洞
CVE-2006-2810Belchior Foundry vCard 多个跨站脚本攻击(XSS) 漏洞
CVE-2006-2809ar-blog index.php 多个跨站脚本攻击(XSS)漏洞
CVE-2006-2808Lycos Tripod htmlGEAR guestGEAR 跨站脚本攻击(XSS)漏洞

Showing top 20 of 26 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2006-2827

No comments yet

Leave a comment