CVE-2006-6880

PHP-Update <2.7 - SQL Injection

Title source: llm

Description

Multiple SQL injection vulnerabilities in code/guestadd.php in PHP-Update 2.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) newmessage, (2) newname, (3) newwebsite, or (4) newemail parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/3017

View Code ZIP pw:eip

References (3)

[Vendor Advisory] http://secunia.com/advisories/23486

[Exploit] http://www.securityfocus.com/bid/21772

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/3017

Scores

EPSS 0.0045

EPSS Percentile 63.6%

Details

CWE

CWE-89

Status published

Products (1)

php-update/php-update < 2.7

Published Dec 31, 2006

Tracked Since Feb 18, 2026