CVE-2006-6911

Digitizing Quote And Ordering System - SQL Injection

Title source: rule

Description

SQL injection vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated users to execute arbitrary SQL commands via the ordernum parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ajann · textwebappsasp

https://www.exploit-db.com/exploits/3089

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] http://osvdb.org/31689

[Vendor Advisory] http://secunia.com/advisories/23652

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/31318

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/3089

Scores

EPSS 0.0129

EPSS Percentile 79.4%

Classification

Status draft

Affected Products (1)

digitizing_quote_and_ordering_system/digitizing_quote_and_ordering_system

Timeline

Published Dec 31, 2006

Tracked Since Feb 18, 2026