Unrated severityNVD Advisory· Published Jul 13, 2006· Updated Jun 16, 2026
CVE-2006-3135
CVE-2006-3135
Description
Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter in the (a) news module, (2) searchstring parameter in (b) the search module, (3) id parameter in (c) the webshop module, (4) username parameter in (d) index.php, and (5) Name, (6) Address, (7) Zip, (8) City, (9) Country, and (10) Email fields during (e) a user profile update.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:hotwebscripts:cms_mundo:1.0_build_008:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:hotwebscripts:cms_mundo:1.0_build_008:*:*:*:*:*:*:*
- (no CPE)range: <= 1.0 build 008
Patches
Vulnerability mechanics
References
10- secunia.com/advisories/20589nvdExploitVendor Advisory
- secunia.com/secunia_research/2006-52/advisory/nvdVendor Advisory
- securityreason.com/securityalert/1236nvd
- www.osvdb.org/27139nvd
- www.osvdb.org/27140nvd
- www.osvdb.org/27141nvd
- www.osvdb.org/27142nvd
- www.osvdb.org/27143nvd
- www.vupen.com/english/advisories/2006/2783nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/27712nvd
News mentions
0No linked articles in our index yet.