ID CVE-2006-1638
Summary Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter to (a) accounts.php, (b) changep.php, (c) editac.php, (d) feedback.php, (e) fpass.php, (f) login.php, (g) post.php, (h) reply.php, or (i) reply_log.php; (2) p parameter to (j) dpost.php; (3) c parameter to (k) list.php or (l) ndis.php; or (4) q parameter to (m) search.php. Successful exploitation requires "magic_quotes_gpc" to be disabled.
References
Vulnerable Configurations
  • cpe:2.3:a:aweb_labs:awebbb:1.2:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 18-10-2018 - 16:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: HIGH
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
refmap via4
bid 17352
bugtraq 20060415 [eVuln] aWebBB Multiple XSS and SQL Injection Vulnerabilities
misc http://evuln.com/vulns/117/summary.html
osvdb
  • 24340
  • 24341
  • 24342
  • 24343
  • 24344
  • 24345
  • 24346
  • 24347
  • 24348
  • 24349
  • 24350
  • 24351
  • 24352
secunia 19486
vupen ADV-2006-1197
xf awebbb-multiple-sql-injection(25587)
Last major update 18-10-2018 - 16:33
Published 06-04-2006 - 10:04
Last modified 18-10-2018 - 16:33