Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2915

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2006-2915
Last Modified 07 Mar 2011 09:37:17
Published 23 Jun 2006 04:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-2915

Summary

Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) hideemail, (2) languagex, (3) xthetimeoffset, and (4) xthetimeformat parameters during account registration.

Vulnerable Systems

Application

  • Deluxebb 1.06


References

VUPEN - ADV-2006-2347

BID - 18453

BUGTRAQ - 20060614 Secunia Research: DeluxeBB SQL Injection and File InclusionVulnerabilities

SECTRACK - 1016309

MISC - http://secunia.com/secunia_research/2006-44/advisory

SECUNIA - 20152

XF - deluxebb-accountreg-sql-injection(27091)

BUGTRAQ - 20060628 Secunia Research: DeluxeBB SQL Injection and File InclusionVulnerabilities

OSVDB - 26457

SREASON - 1134


Last Updated: 27 May 2016 10:42:48