返回 CVE 瀏覽器

CVE-2006-1098

HIGH

7.5

CVSS Severity Score

EPSS Score0.1110%

EPSS Percentile0.50th

Published2006年3月9日

Last Modified2026年4月16日

Vulnerability Description

Multiple SQL injection vulnerabilities in NZ Ecommerce allow remote attackers to execute arbitrary SQL commands via the (1) informationID or (2) ParentCategory parameter to index.php. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests that this might be a legitimate problem

Affected Platforms (CPE)

📦

Digital Builder

Nz Ecommerce

All versions

References & Advisories

🔗 http://pridels0.blogspot.com/2006/03/nz-ecommerce-sqlxss-vuln.html

🔗 http://secunia.com/advisories/19088

🔗 http://www.osvdb.org/23601

🔗 http://www.securityfocus.com/bid/16931

🔗 http://www.vupen.com/english/advisories/2006/0803

🔗 http://pridels0.blogspot.com/2006/03/nz-ecommerce-sqlxss-vuln.html

🔗 http://secunia.com/advisories/19088

🔗 http://www.osvdb.org/23601

相關漏洞威脅

CVE-2017-811010.0

www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 10690 has XXE in api/it-recht-kanzlei/api-it-recht-kanzlei.php.

CVE-2006-087410.0

Multiple unspecified vulnerabilities in Intensive Point iUser Ecommerce before 2.2 have unspecified vectors and impact, as address...

CVE-2020-239789.8

SQL injection can occur in Soluzione Globale Ecommerce CMS v1 via the parameter " offerta.php"

CVE-2020-239769.8

Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has SQL Injection via the 'content.php' id parameter.