CVE-2006-2499

Xfairguy Codeavalanche News - SQL Injection

Title source: rule

Description

SQL injection vulnerability in default.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to execute arbitrary SQL commands via the password field.

Exploits (1)

exploitdb WORKING POC VERIFIED

by omnipresent · textwebappsasp

https://www.exploit-db.com/exploits/27898

View Code ZIP pw:eip

References (7)

Core 7

Core References

Exploit, Vendor Advisory x_refsource_misc

http://colander.altervista.org/advisory/CANews.txt

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/26586

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/1870

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/25652

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/18031

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/434730/100/0/threaded

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/20171

Scores

EPSS 0.0088

EPSS Percentile 75.4%

Details

Status published

Products (1)

xfairguy/codeavalanche_news 1.2

Published May 20, 2006

Tracked Since Feb 18, 2026