CVE-2006-1347

gCards <1.45 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in loginfunction.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/1595

View Code ZIP pw:eip

References (7)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/1595

[Third Party Advisory, VDB Entry] http://www.osvdb.org/24017

[Third Party Advisory] http://secunia.com/advisories/19322

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/1015

[Exploit] http://www.securityfocus.com/bid/17165

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/25344

[Various Sources] http://attrition.org/pipermail/vim/2006-April/000698.html

Scores

EPSS 0.0136

EPSS Percentile 80.2%

Details

Status published

Products (3)

greg_neustaetter/gcards 1.43

greg_neustaetter/gcards 1.44

greg_neustaetter/gcards < 1.45

Published Mar 22, 2006

Tracked Since Feb 18, 2026