Back to CVE Browser

CVE-2006-1098

HIGH

7.5

CVSS Severity Score

EPSS Score0.1110%

EPSS Percentile0.50th

PublishedMar 9, 2006

Last ModifiedApr 16, 2026

Vulnerability Description

Multiple SQL injection vulnerabilities in NZ Ecommerce allow remote attackers to execute arbitrary SQL commands via the (1) informationID or (2) ParentCategory parameter to index.php. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests that this might be a legitimate problem

Affected Platforms (CPE)

📦

Digital Builder

Nz Ecommerce

All versions

References & Advisories

🔗 http://pridels0.blogspot.com/2006/03/nz-ecommerce-sqlxss-vuln.html

🔗 http://secunia.com/advisories/19088

🔗 http://www.osvdb.org/23601

🔗 http://www.securityfocus.com/bid/16931

🔗 http://www.vupen.com/english/advisories/2006/0803

🔗 http://pridels0.blogspot.com/2006/03/nz-ecommerce-sqlxss-vuln.html

🔗 http://secunia.com/advisories/19088

🔗 http://www.osvdb.org/23601

Related Vulnerabilities

CVE-2017-811010.0

www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 10690 has XXE in api/it-recht-kanzlei/api-it-recht-kanzlei.php.

CVE-2006-087410.0

Multiple unspecified vulnerabilities in Intensive Point iUser Ecommerce before 2.2 have unspecified vectors and impact, as address...

CVE-2020-239789.8

SQL injection can occur in Soluzione Globale Ecommerce CMS v1 via the parameter " offerta.php"

CVE-2020-239769.8

Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has SQL Injection via the 'content.php' id parameter.