Lucene search

[email protected]CVE-2006-0778

HistoryFeb 19, 2006 - 12:02 a.m.

CVE-2006-0778

2006-02-1900:02:00

[email protected]

web.nvd.nist.gov

cve

2006

0778

sql injection

xmb forums

vulnerability

remote attackers

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.3%

JSON

Multiple SQL injection vulnerabilities in XMB Forums 1.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) $u2u_select array parameter to u2u.inc.php and (2) $val variable (fidpw0 cookie value) in today.php.

Affected configurations

NVD

Node

xmb_forumxmbRange≤1.9.3

CPENameOperatorVersion
xmb_forum:xmbxmb forum xmble1.9.3

CPE	Name	Operator	Version
xmb_forum:xmb	xmb forum xmb	le	1.9.3

References

secunia.com/advisories/18821

www.gulftech.org/?node=research&article_id=00100-02122006

www.osvdb.org/23117

www.osvdb.org/23118

www.securityfocus.com/archive/1/425084/100/0/threaded

www.securityfocus.com/bid/16604

www.vupen.com/english/advisories/2006/0529

www.xmbforum.com/

docs.xmbforum2.com/index.php?title=Security_Issue_History

exchange.xforce.ibmcloud.com/vulnerabilities/24646

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.3%

JSON

Related for CVE-2006-0778

cvelist1 nvd1 prion1