Vulnerability Details CVE-2006-1638
Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter to (a) accounts.php, (b) changep.php, (c) editac.php, (d) feedback.php, (e) fpass.php, (f) login.php, (g) post.php, (h) reply.php, or (i) reply_log.php; (2) p parameter to (j) dpost.php; (3) c parameter to (k) list.php or (l) ndis.php; or (12) q parameter to (m) search.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 83.0%
CVSS Severity
CVSS v2 Score 5.1
References
- http://evuln.com/vulns/117/summary.html
- http://secunia.com/advisories/19486
- http://www.osvdb.org/24340
- http://www.osvdb.org/24341
- http://www.osvdb.org/24342
- http://www.osvdb.org/24343
- http://www.osvdb.org/24344
- http://www.osvdb.org/24345
- http://www.osvdb.org/24346
- http://www.osvdb.org/24347
- http://www.osvdb.org/24348
- http://www.osvdb.org/24349
- http://www.osvdb.org/24350
- http://www.osvdb.org/24351
- http://www.osvdb.org/24352
- http://www.securityfocus.com/archive/1/431064/100/0/threaded
- http://www.securityfocus.com/bid/17352
- http://www.vupen.com/english/advisories/2006/1197
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25587
- http://evuln.com/vulns/117/summary.html
- http://secunia.com/advisories/19486
- http://www.osvdb.org/24340
- http://www.osvdb.org/24341
- http://www.osvdb.org/24342
- http://www.osvdb.org/24343
- http://www.osvdb.org/24344
- http://www.osvdb.org/24345
- http://www.osvdb.org/24346
- http://www.osvdb.org/24347
- http://www.osvdb.org/24348
- http://www.osvdb.org/24349
- http://www.osvdb.org/24350
- http://www.osvdb.org/24351
- http://www.osvdb.org/24352
- http://www.securityfocus.com/archive/1/431064/100/0/threaded
- http://www.securityfocus.com/bid/17352
- http://www.vupen.com/english/advisories/2006/1197
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25587