Unrated severityNVD Advisory· Published Jul 3, 2006· Updated Apr 16, 2026

CVE-2006-3348

Description

Multiple SQL injection vulnerabilities in HSPcomplete 3.2.2 and 3.3 Beta and earlier allow remote attackers to execute arbitrary SQL commands via the (1) type parameter in report.php and (2) level parameter in custom_buttons.php.

Affected products

Swsoft/Hspcomplete2 versions
cpe:2.3:a:swsoft:hspcomplete:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:swsoft:hspcomplete:*:*:*:*:*:*:*:*range: <=3.3_beta
- cpe:2.3:a:swsoft:hspcomplete:3.2.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

pridels0.blogspot.com/2006/06/hspcomplete-vuln.htmlnvd
exchange.xforce.ibmcloud.com/vulnerabilities/27379nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000