CVE-2006-2671

Description

SQL injection vulnerability in ChatPat 1.0 allows remote attackers to execute arbitrary SQL commands via the nickname field.

Affected products

• calendarscripts.com / chatpat1.0 – 1.0

References

• VENDOR_ADVISORYhttp://secunia.com/advisories/20290
• MISChttp://www.securityfocus.com/archive/1/435006/100/0/threaded
• MISChttp://securityreason.com/securityalert/989
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/1986