CVE-2006-2857

LifeType 1.0.4 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in index.php in LifeType 1.0.4 allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a ViewArticle action (viewarticleaction.class.php).

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/1874

View Code ZIP pw:eip

References (7)

[Patch, Vendor Advisory] http://secunia.com/advisories/20460

[Patch] http://www.lifetype.net/blog.php/lifetype_development_journal/2006/06/04/important_security_upgrade_lifetype_1.0.5_released

[Exploit] http://www.securityfocus.com/bid/18264

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/26916

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/435874/100/0/threaded

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/2120

[Third Party Advisory] http://securityreason.com/securityalert/1046

Scores

EPSS 0.0080

EPSS Percentile 74.1%

Details

Status published

Products (3)

lifetype/lifetype 1.0.2

lifetype/lifetype 1.0.3

lifetype/lifetype 1.0.4

Published Jun 06, 2006

Tracked Since Feb 18, 2026