CyberSec.Space Logo
Back to CVE Browser

CVE-2006-6268

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0250%
EPSS Percentile13.26th
PublishedDec 4, 2006
Last ModifiedApr 23, 2026

Vulnerability Description

SQL injection vulnerability in system/core/profile/profile.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote authenticated users to execute arbitrary SQL commands via a url-encoded id parameter to users.php that begins with a valid filename, as demonstrated by "default.gif" followed by a double-encoded NULL and ' (apostrophe) (%2500%2527).

Affected Platforms (CPE)

πŸ“¦
Neocrome

Land Down Under

<= 8.0

References & Advisories

πŸ”— http://securityreason.com/securityalert/1954
πŸ”— http://www.nukedx.com/?viewdoc=51
πŸ”— http://www.securityfocus.com/archive/1/452259/100/100/threaded
πŸ”— http://www.securityfocus.com/bid/21227
πŸ”— http://securityreason.com/securityalert/1954
πŸ”— http://www.nukedx.com/?viewdoc=51
πŸ”— http://www.securityfocus.com/archive/1/452259/100/100/threaded
πŸ”— http://www.securityfocus.com/bid/21227

Related Vulnerabilities

CVE-2020-72299.8

An issue was discovered in Simplejobscript.com SJS before 1.65. There is unauthenticated SQL injection via the search engine. The ...

CVE-2015-52278.8

The Landing Pages plugin before 1.9.2 for WordPress allows remote attackers to execute arbitrary code via the url parameter.

CVE-2018-24878.3

SAP Disclosure Management 10.x allows an attacker to exploit through a specially crafted zip file provided by users: When extracte...

CVE-2019-254988.2

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by ...