ID CVE-2006-5736
Summary SQL injection vulnerability in search.php in PunBB before 1.2.14, when the PHP installation is vulnerable to CVE-2006-3017, allows remote attackers to execute arbitrary SQL commands via the result_list array parameter, which is not initialized. Successful exploitation requires that "register_globals" is enabled. This vulnerability is addressed in the following product release: PunBB 1.2.14
References
Vulnerable Configurations
  • cpe:2.3:a:punbb:punbb:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:punbb:punbb:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:punbb:punbb:1.0_alpha:*:*:*:*:*:*:*
  • cpe:2.3:a:punbb:punbb:1.0_beta1:*:*:*:*:*:*:*
  • cpe:2.3:a:punbb:punbb:1.0_beta1a:*:*:*:*:*:*:*
  • cpe:2.3:a:punbb:punbb:1.0_beta2:*:*:*:*:*:*:*
  • cpe:2.3:a:punbb:punbb:1.0_beta3:*:*:*:*:*:*:*
  • cpe:2.3:a:punbb:punbb:1.0_rc1:*:*:*:*:*:*:*
  • cpe:2.3:a:punbb:punbb:1.0_rc2:*:*:*:*:*:*:*
  • cpe:2.3:a:punbb:punbb:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:punbb:punbb:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:punbb:punbb:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:punbb:punbb:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:punbb:punbb:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:punbb:punbb:1.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:punbb:punbb:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:punbb:punbb:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:punbb:punbb:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:punbb:punbb:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:punbb:punbb:1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:punbb:punbb:1.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:punbb:punbb:1.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:punbb:punbb:1.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:punbb:punbb:1.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:punbb:punbb:1.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:punbb:punbb:1.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:punbb:punbb:1.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:punbb:punbb:1.2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:punbb:punbb:*:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 17-10-2018 - 21:44)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: HIGH
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
refmap via4
bugtraq 20061030 Punbb <= 1.2.13 Multiple Vulnerabilities
confirm http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt
misc http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities
osvdb 30133
sectrack 1017131
sreason 1824
vupen ADV-2006-4256
Last major update 17-10-2018 - 21:44
Published 06-11-2006 - 18:07
Last modified 17-10-2018 - 21:44