CVE-2006-4632 - Multiple SQL injection vulnerabilities in SoftBB 0.1, and possibly earlier, allow remote attackers t

CVE-2006-4632

Summary

Multiple SQL injection vulnerabilities in SoftBB 0.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) groupe parameter in addmembre.php and the (2) select parameter in moveto.php.

References

http://acid-root.new.fr/advisories/10060904.txt
http://secunia.com/advisories/21761
http://securityreason.com/securityalert/1521
http://securitytracker.com/id?1016785
http://www.osvdb.org/28577
http://www.osvdb.org/28578
http://www.securityfocus.com/archive/1/445087/100/0/threaded
http://www.vupen.com/english/advisories/2006/3478
https://exchange.xforce.ibmcloud.com/vulnerabilities/28747
https://www.exploit-db.com/exploits/2300

Vulnerable Configurations

cpe:2.3:a:softbb:softbb:*:*:*:*:*:*:*:*
cpe:2.3:a:softbb:softbb:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 17-10-2018 - 21:38)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bugtraq	20060904 SoftBB 0.1 Remote PHP Code Execution Exploit
exploit-db	2300
misc	http://acid-root.new.fr/advisories/10060904.txt
osvdb	28577 28578
sectrack	1016785
secunia	21761
sreason	1521
vupen	ADV-2006-3478
xf	softbb-addmembre-sql-injection(28747)

Last major update

17-10-2018 - 21:38

Published

08-09-2006 - 20:04

Last modified

17-10-2018 - 21:38