SQL Injection in e-Vision CMS by Szava Gyula and Csaba Tamas
CVE-2006-5017

Currently unrated

Key Information:

Vendor: E-vision
Status: E-vision Cms
Vendor: CVE Published:; 27 September 2006

What is CVE-2006-5017?

The e-Vision CMS, developed by Szava Gyula and Csaba Tamas, contains a SQL injection vulnerability in the 'admin/all_users.php' script. This flaw allows remote attackers to execute arbitrary SQL commands through the manipulated 'from' parameter, potentially leading to unauthorized data access or database manipulation. It is crucial for users of the affected version 1.0 to apply the necessary security measures to mitigate this risk.

References

http://secunia.com/advisories/21969

third-party-advisoryx_refsource_SECUNIA

http://securityreason.com/securityalert/1642

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/archive/1/446706/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 27, 2006
Vulnerability Reserved
Sep 27, 2006

CVE-2006-5017 Data

JSON

E-vision

What is CVE-2006-5017?

References

Timeline