SQL Injection Risk in evoTopsites 2.x and evoTopsites Pro by evotopsites
CVE-2006-2339

Currently unrated

Key Information:

Vendor: Evo-dev
Status: Evotopsites Pro; Evotopsites
Vendor: CVE Published:; 12 May 2006

What is CVE-2006-2339?

The SQL injection vulnerability found in the index.php file of evoTopsites 2.x and evoTopsites Pro 2.x allows remote attackers to exploit the (1) cat_id and (2) id parameters. By manipulating these parameters, attackers may execute arbitrary SQL commands on the database, leading to unauthorized data access or manipulation. It's crucial for users of these versions to apply appropriate security measures to mitigate this risk and protect their web applications.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/26328

vdb-entryx_refsource_XF

http://secunia.com/advisories/19989

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/17893

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2006
Vulnerability Reserved
May 11, 2006

CVE-2006-2339 Data

JSON

Evo-dev

What is CVE-2006-2339?

References

Timeline