CVE-2006-5287
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
13/10/2006
Last modified:
17/10/2018
Description
Multiple SQL injection vulnerabilities in sign.php in Xeobook 0.93 allow remote attackers to execute arbitrary SQL commands via (1) the User-Agent HTTP header, or the (2) gb_entry_text, (3) gb_location, (4) gb_fullname, or (5) gb_sex parameters.
Impact
Base Score 2.0
5.10
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:xeobook:xeobook:0.93:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page