VYPR
Unrated severityNVD Advisory· Published Apr 11, 2006· Updated Jun 16, 2026

CVE-2006-1706

CVE-2006-1706

Description

Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) login.php and (b) memo.php; and the (2) itemgr, (3) brandID, and (4) album parameters to (c) index.php. NOTE: this issue also produces resultant full path disclosure from invalid SQL queries.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

5
  • cpe:2.3:a:kansok_communications:shopweezle:2.0:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:kansok_communications:shopweezle:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:kansok_communications:shopweezle:2.0_personal:*:*:*:*:*:*:*
    • cpe:2.3:a:kansok_communications:shopweezle:2.0_professional:*:*:*:*:*:*:*
    • cpe:2.3:a:kansok_communications:shopweezle:2.0_professional_plus:*:*:*:*:*:*:*
    • (no CPE)range: = 2.0

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.