CVE-2006-3348: SQL Injection
First published: Mon Jul 03 2006(Updated: )
Multiple SQL injection vulnerabilities in HSPcomplete 3.2.2 and 3.3 Beta and earlier allow remote attackers to execute arbitrary SQL commands via the (1) type parameter in report.php and (2) level parameter in custom_buttons.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SWsoft Hspcomplete | =3.2.2 | |
| SWsoft Hspcomplete | <=3.3_beta |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2006-3348?
CVE-2006-3348 is considered a high-severity vulnerability due to its potential for remote SQL command execution.
How do I fix CVE-2006-3348?
To fix CVE-2006-3348, upgrade HSPcomplete to version 3.3 Beta or later, which addresses these SQL injection vulnerabilities.
What are the affected versions of HSPcomplete for CVE-2006-3348?
CVE-2006-3348 affects HSPcomplete versions 3.2.2 and all versions up to and including 3.3 Beta.
What type of attacks can exploit CVE-2006-3348?
CVE-2006-3348 can be exploited through SQL injection attacks, allowing attackers to execute arbitrary SQL commands on the database.
Which parameters are vulnerable in CVE-2006-3348?
The vulnerable parameters in CVE-2006-3348 are 'type' in report.php and 'level' in custom_buttons.php.
- agent/references
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/swsoft
- canonical/swsoft hspcomplete
- version/swsoft hspcomplete/3.2.2
- version/swsoft hspcomplete/3.3_beta