CVE-2006-3330

Cross-site scripting (XSS) vulnerability in AddAsset1.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the (1) ProductName ("Title" field), (2) url, and (3) Description parameters, possibly related to issues in add1.php.

Published: Jul 1, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-3330
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
deltascripts / php_classifieds	6.04	6.04.x

http://secunia.com/advisories/20880
http://securityreason.com/securityalert/1179
http://securitytracker.com/id?1016407
http://www.securityfocus.com/archive/1/438667/100/0/threaded
http://www.securityfocus.com/bid/18713
http://www.securityfocus.com/bid/18717
http://www.vupen.com/english/advisories/2006/2589
https://exchange.xforce.ibmcloud.com/vulnerabilities/27454

Vulnerability Database

CVE-2006-3330

Deep Security Visibility Without the Complexity