Unrated severityNVD Advisory· Published Jul 13, 2006· Updated Apr 16, 2026

CVE-2006-3135

Description

Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter in the (a) news module, (2) searchstring parameter in (b) the search module, (3) id parameter in (c) the webshop module, (4) username parameter in (d) index.php, and (5) Name, (6) Address, (7) Zip, (8) City, (9) Country, and (10) Email fields during (e) a user profile update.

Affected products

Hotwebscripts/CMS Mundo
cpe:2.3:a:hotwebscripts:cms_mundo:1.0_build_008:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/20589nvdExploitVendor Advisory
secunia.com/secunia_research/2006-52/advisory/nvdVendor Advisory
securityreason.com/securityalert/1236nvd
www.osvdb.org/27139nvd
www.osvdb.org/27140nvd
www.osvdb.org/27141nvd
www.osvdb.org/27142nvd
www.osvdb.org/27143nvd
www.vupen.com/english/advisories/2006/2783nvd
exchange.xforce.ibmcloud.com/vulnerabilities/27712nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000