CVE-2006-6157

Michaelis Freunde Contentnow < 1.39 - SQL Injection

Title source: rule

Description

SQL injection vulnerability in index.php in ContentNow 1.39 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter. NOTE: this issue can be leveraged for path disclosure with an invalid pageid parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Revenge · perlwebappsphp

https://www.exploit-db.com/exploits/2822

View Code ZIP pw:eip

References (10)

[Third Party Advisory] http://securityreason.com/securityalert/1925

[Vendor Advisory] http://www.vupen.com/english/advisories/2006/4663

[Product] http://sourceforge.net/project/shownotes.php?group_id=161604&release_id=465437

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1017265

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/2822

[Patch] http://www.securityfocus.com/bid/21237

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/452231/100/100/threaded

[Vendor Advisory] http://secunia.com/advisories/23005

[Exploit] http://www.0xcafebabe.it/sploits/contentnow_139_sqlinj.pl

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/30459

Scores

EPSS 0.0342

EPSS Percentile 87.5%

Details

CWE

CWE-89

Status published

Products (1)

michaelis_freunde/contentnow < 1.39

Published Nov 28, 2006

Tracked Since Feb 18, 2026