CVE-2006-2858

LocazoList Classifieds 1.05e - SQL Injection

Title source: llm

Description

SQL injection vulnerability in viewmsg.asp in LocazoList Classifieds 1.05e allows remote attackers to execute arbitrary SQL commands via the msgid parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ajann · textwebappsasp

https://www.exploit-db.com/exploits/27960

View Code ZIP pw:eip

References (8)

Core 8

Core References

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/2136

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1016222

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/26900

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/435986/100/0/threaded

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/18254

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/435867/100/0/threaded

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/20462

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/1048

Scores

EPSS 0.0144

EPSS Percentile 80.8%

Details

Status published

Products (3)

locazo/locazolist_classifieds 1.03c

locazo/locazolist_classifieds 1.04d

locazo/locazolist_classifieds 1.05e

Published Jun 06, 2006

Tracked Since Feb 18, 2026