CVE-2006-6243

Fipsasp Fipsshop < 5.10 - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in index.asp in FipsSHOP allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) did parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Aria-Security Team · textwebappsasp

https://www.exploit-db.com/exploits/29189

View Code ZIP pw:eip

References (6)

Core 6

Core References

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/4779

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/1959

Exploit x_refsource_misc

http://www.aria-security.com/forum/showthread.php?t=46

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/23147

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/453029/100/0/threaded

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/21289

Scores

EPSS 0.0202

EPSS Percentile 83.8%

Details

Status published

Products (1)

fipsasp/fipsshop < 5.10

Published Dec 04, 2006

Tracked Since Feb 18, 2026