CVE-2006-6911

Digitizing Quote And Ordering System - SQL Injection

Title source: rule

Description

SQL injection vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated users to execute arbitrary SQL commands via the ordernum parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ajann · textwebappsasp

https://www.exploit-db.com/exploits/3089

View Code ZIP pw:eip

References (4)

Core 4

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/23652

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/3089

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/31689

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/31318

Scores

EPSS 0.0087

EPSS Percentile 75.3%

Details

Status published

Products (1)

digitizing_quote_and_ordering_system/digitizing_quote_and_ordering_system 1.0

Published Dec 31, 2006

Tracked Since Feb 18, 2026