VYPR
Unrated severityNVD Advisory· Published Jul 13, 2006· Updated Jun 16, 2026

CVE-2006-3135

CVE-2006-3135

Description

Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter in the (a) news module, (2) searchstring parameter in (b) the search module, (3) id parameter in (c) the webshop module, (4) username parameter in (d) index.php, and (5) Name, (6) Address, (7) Zip, (8) City, (9) Country, and (10) Email fields during (e) a user profile update.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:hotwebscripts:cms_mundo:1.0_build_008:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:hotwebscripts:cms_mundo:1.0_build_008:*:*:*:*:*:*:*
    • (no CPE)range: <= 1.0 build 008

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.