Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0545

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-0545
Last Modified 05 Sep 2008 04:59:34
Published 03 Feb 2006 09:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0545

Summary

SQL injection vulnerability in showflat.php in Groupee (formerly known as Infopop) UBB.threads 6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Number parameter.

Vulnerable Systems

Application

  • Ubbcentral Ubb.threads 6.0

  • Ubbcentral Ubb.threads 6.0.1

  • Ubbcentral Ubb.threads 6.0.2

  • Ubbcentral Ubb.threads 6.0.3

  • Ubbcentral Ubb.threads 6.1

  • Ubbcentral Ubb.threads 6.1.1

  • Ubbcentral Ubb.threads 6.2

  • Ubbcentral Ubb.threads 6.2.1

  • Ubbcentral Ubb.threads 6.2.2

  • Ubbcentral Ubb.threads 6.2.3

  • Ubbcentral Ubb.threads 6.3


References

XF - ubbthreads-showflat-sql-injection(24381)

BID - 16520

OSVDB - 22808

MISC - http://www.cyberlords.net/advisories/cl_ubb.txt

SECTRACK - 1015549

BUGTRAQ - 20060325 UBBThreads<=5.5.1+6.0.2+6.0 br5+6.0.1 SQL injection


Last Updated: 27 May 2016 10:41:42