Description
SQL injection vulnerability in @1 File Store 2006.03.07 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) functions.php and (2) user.php in the libs directory, (3) edit.php and (4) delete.php in control/files/, (5) edit.php and (6) delete.php in control/users/, (7) edit.php, (8) access.php, and (9) in control/folders/, (10) access.php and (11) delete.php in control/groups/, (12) confirm.php, and (13) download.php; (14) the email parameter in password.php, and (15) the id parameter in folder.php. NOTE: it was later reported that vectors 12 and 13 also affect @1 File Store PRO 3.2.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Nu Am Bani · text · webapps · php
https://www.exploit-db.com/exploits/6040
References (31)
Core References
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0943
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25183
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43718
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/23855
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/23857
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/23864
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/31063
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/23863
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/428659/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/23852
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/23861
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/19224
Third Party Advisory mailing-list
x_refsource_vim
http://www.attrition.org/pipermail/vim/2009-August/002246.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/23853
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/23860
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/23856
Exploit vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015826
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/47018
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/23858
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/23854
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/47017
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43724
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/17090
Exploit x_refsource_misc
http://evuln.com/vulns/95/summary.html
Exploit vdb-entry
x_refsource_osvdb
http://www.osvdb.org/23851
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/23862
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/6040
Exploit third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/619
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/24106
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/30182
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/23859
Scores
EPSS
0.0262
EPSS Percentile
85.8%
Details
CWE
CWE-89
Status
published
Products (1)
upoint/@1_file_store
2006.03.07
Published
Mar 19, 2006
Tracked Since
Feb 18, 2026