CVE-2006-3330

medium

Description

Cross-site scripting (XSS) vulnerability in AddAsset1.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the (1) ProductName ("Title" field), (2) url, and (3) Description parameters, possibly related to issues in add1.php.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/27454

http://www.vupen.com/english/advisories/2006/2589

http://www.securityfocus.com/bid/18717

http://www.securityfocus.com/bid/18713

http://www.securityfocus.com/archive/1/438667/100/0/threaded

http://securitytracker.com/id?1016407

http://securityreason.com/securityalert/1179

http://secunia.com/advisories/20880

Details

Source: Mitre, NVD

Published: 2006-06-30

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.01143