CVE-2006-3152

critical

Description

Multiple SQL injection vulnerabilities in phpTRADER 4.9 SP5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sectio parameter in (a) login.php, (b) write_newad.php, (c) newad.php, (d) printad.php, (e) askseller.php, (f) browse.php, (g) showmemberads.php, (h) note_ad.php, (i) abuse.php, (j) buynow.php, (k) confirm_newad.php, (2) an parameter in (l) printad.php, (m) note_ad.php, (3) who parameter in (n) showmemberads.php, and (4) adnr parameter in (o) buynow.php.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/27267

http://www.vupen.com/english/advisories/2006/2469

http://www.securityfocus.com/bid/18468

http://www.osvdb.org/26706

http://www.osvdb.org/26705

http://www.osvdb.org/26704

http://www.osvdb.org/26703

http://www.osvdb.org/26702

http://www.osvdb.org/26701

http://www.osvdb.org/26700

http://www.osvdb.org/26699

http://www.osvdb.org/26698

http://www.osvdb.org/26697

http://www.osvdb.org/26696

http://securitytracker.com/id?1016356

http://secunia.com/advisories/20740

http://pridels0.blogspot.com/2006/06/phptrader-multiple-sql-injection-vuln.html

Details

Source: Mitre, NVD

Published: 2006-06-22

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.02202