CVE-2006-1330

phpWebsite <0.83 - SQL Injection

Title source: llm
STIX 2.1

Description

Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier allow remote attackers to execute arbitrary SQL commands via the sid parameter to (1) friend.php or (2) article.php.

Exploits (2)

exploitdb WORKING POC VERIFIED
by DaBDouB-MoSiKaR · textwebappsphp
https://www.exploit-db.com/exploits/27448
exploitdb WRITEUP VERIFIED
by DaBDouB-MoSiKaR · textwebappsphp
https://www.exploit-db.com/exploits/27449

References (6)

Core 6
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/17150
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1039
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/428156
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/430870/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19315
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25328

Scores

EPSS 0.0080
EPSS Percentile 74.2%

Details

CWE
CWE-89
Status published
Products (3)
phpwebsite/phpwebsite 0.7.3
phpwebsite/phpwebsite 0.8.2
phpwebsite/phpwebsite 0.8.3
Published Mar 21, 2006
Tracked Since Feb 18, 2026