CVE-2006-3292

Jaws 0.6.2 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows remote attackers to execute arbitrary SQL commands via queries with the "LIKE" keyword in the searchdata parameter (search field).

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/1946

View Code ZIP pw:eip

References (8)

[Exploit] http://retrogod.altervista.org/JAWS_062_sql.html

[Vendor Advisory] http://secunia.com/advisories/20842

[Patch] http://www.jaws-project.com/index.php?blog/show/29

[Exploit] http://www.securityfocus.com/bid/18665

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/27334

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/438434/100/0/threaded

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/2546

[Third Party Advisory] http://securityreason.com/securityalert/1165

Scores

EPSS 0.0128

EPSS Percentile 79.6%

Details

Status published

Products (1)

jaws/jaws 0.6.2

Published Jun 28, 2006

Tracked Since Feb 18, 2026