CVEブラウザに戻る

CVE-2006-6268

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0250%

EPSS Percentile13.26th

Published2006年12月4日

Last Modified2026年4月23日

Vulnerability Description

SQL injection vulnerability in system/core/profile/profile.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote authenticated users to execute arbitrary SQL commands via a url-encoded id parameter to users.php that begins with a valid filename, as demonstrated by "default.gif" followed by a double-encoded NULL and ' (apostrophe) (%2500%2527).

Affected Platforms (CPE)

📦

Neocrome

Land Down Under

<= 8.0

References & Advisories

🔗 http://securityreason.com/securityalert/1954

🔗 http://www.nukedx.com/?viewdoc=51

🔗 http://www.securityfocus.com/archive/1/452259/100/100/threaded

🔗 http://www.securityfocus.com/bid/21227

🔗 http://securityreason.com/securityalert/1954

🔗 http://www.nukedx.com/?viewdoc=51

🔗 http://www.securityfocus.com/archive/1/452259/100/100/threaded

🔗 http://www.securityfocus.com/bid/21227

関連する脆弱性情報

CVE-2020-72299.8

An issue was discovered in Simplejobscript.com SJS before 1.65. There is unauthenticated SQL injection via the search engine. The ...

CVE-2015-52278.8

The Landing Pages plugin before 1.9.2 for WordPress allows remote attackers to execute arbitrary code via the url parameter.

CVE-2018-24878.3

SAP Disclosure Management 10.x allows an attacker to exploit through a specially crafted zip file provided by users: When extracte...

CVE-2019-254988.2

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by ...