ID | CVE-2006-1638 | ||||||||||||||
Summary | Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter to (a) accounts.php, (b) changep.php, (c) editac.php, (d) feedback.php, (e) fpass.php, (f) login.php, (g) post.php, (h) reply.php, or (i) reply_log.php; (2) p parameter to (j) dpost.php; (3) c parameter to (k) list.php or (l) ndis.php; or (12) q parameter to (m) search.php. Successful exploitation requires "magic_quotes_gpc" to be disabled. | ||||||||||||||
References |
|
||||||||||||||
Vulnerable Configurations |
|
||||||||||||||
CVSS |
|
||||||||||||||
CWE | NVD-CWE-Other | ||||||||||||||
CAPEC |
|
||||||||||||||
Access |
|
||||||||||||||
Impact |
|
||||||||||||||
cvss-vector via4 | AV:N/AC:H/Au:N/C:P/I:P/A:P | ||||||||||||||
refmap via4 |
|
||||||||||||||
Last major update | 18-10-2018 - 16:33 | ||||||||||||||
Published | 06-04-2006 - 10:04 | ||||||||||||||
Last modified | 18-10-2018 - 16:33 |