CVE-2006-2835

Arabless Saphplesson - SQL Injection

Title source: rule

Description

SQL injection vulnerability in saphplesson 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) forumid parameter in add.php and (2) lessid parameter in show.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by C.B.B.L · textwebappsphp

https://www.exploit-db.com/exploits/28204

View Code ZIP pw:eip

References (7)

Core 7

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/26757

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/1047

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/472798/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/18117

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/18934

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/440120

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/435202/100/0/threaded

Scores

EPSS 0.0103

EPSS Percentile 77.6%

Details

Status published

Products (1)

arabless/saphplesson 2.0

Published Jun 06, 2006

Tracked Since Feb 18, 2026