CVE-2006-3221

DataLife Engine <4.1 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in index.php in DataLife Engine 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded values in the user parameter in a userinfo subaction.

Exploits (2)

exploitdb WORKING POC VERIFIED

by RusH · perlwebappsphp

https://www.exploit-db.com/exploits/1938

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by RusH · phpwebappsphp

https://www.exploit-db.com/exploits/1939

View Code ZIP pw:eip

References (6)

[Exploit, Vendor Advisory] http://secunia.com/advisories/20765

[Exploit] http://www.securityfocus.com/bid/18592

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/27321

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/1938

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/1939

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/2486

Scores

EPSS 0.0270

EPSS Percentile 85.9%

Details

Status published

Products (1)

softnews_media_group/datalife_engine < 4.1

Published Jun 24, 2006

Tracked Since Feb 18, 2026