Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2034

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-2034
Last Modified 05 Sep 2008 05:03:29
Published 25 Apr 2006 08:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2034

Summary

SQL injection vulnerability in function/showprofile.php in FlexBB 0.5.5 allows remote attackers to execute arbitrary SQL commands, and view all usernames and passwords, via the id parameter to the showprofile page in index.php.

Vulnerable Systems

Application

  • Flexbb 0.5.5


References

BID - 17574

BUGTRAQ - 20060421 FlexBB 0.5.5 Exploit [ function/showprofile.php ] Remote SQL Injection

OSVDB - 24867


Last Updated: 27 May 2016 10:42:18