CVE-2006-6152

Vspin.net Classified System - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to (a) cat.asp, or the (2) keyword, (3) order, (4) sort, (5) menuSelect, or (6) state parameter to (b) search.asp.

Exploits (2)

exploitdb WRITEUP VERIFIED

by laurent gaffie · textwebappsasp

https://www.exploit-db.com/exploits/29104

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by laurent gaffie · textwebappsasp

https://www.exploit-db.com/exploits/29103

View Code ZIP pw:eip

References (7)

Core 7

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/22987

URL Repurposed x_refsource_misc

http://s-a-p.ca/index.php?page=OurAdvisories&id=47

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1017259

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/1926

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/21190

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/30444

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/452179/100/100/threaded

Scores

EPSS 0.0110

EPSS Percentile 78.1%

Details

Status published

Products (1)

vspin.net/classified_system 2004

Published Nov 28, 2006

Tracked Since Feb 18, 2026