CVE-2006-0942

Pwsphp < 1.2.3 - SQL Injection

Title source: rule

Description

SQL injection vulnerability in profil.php in PwsPHP 1.2.3, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the aff_news_form parameter, a different vulnerability than CVE-2005-1509.

Exploits (1)

exploitdb WORKING POC VERIFIED

by papipsycho · phpwebappsphp

https://www.exploit-db.com/exploits/27175

View Code ZIP pw:eip

References (3)

[Exploit] http://downloads.securityfocus.com/vulnerabilities/exploits/PwsPHP_SQL_Inj.php

[Third Party Advisory, VDB Entry] http://www.osvdb.org/28444

[Exploit] http://www.securityfocus.com/bid/16567

Scores

EPSS 0.0033

EPSS Percentile 55.8%

Details

Status published

Products (1)

pwsphp/pwsphp < 1.2.3

Published Mar 01, 2006

Tracked Since Feb 18, 2026