Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2006-3013

🗓️ 19 Jun 2006 10:00:00Reported by mitreType 
cve
 cve🔗 web.nvd.nist.gov👁 38 Views🌐 WEB

CVE-2006-3013 Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via an email parameter containing a null (%00) character after a valid e-mail address, which passes the validation check in the eregi PHP command

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
Cvelist		CVE-2006-3013
19 Jun 200610:00
cvelist
EUVD		EUVD-2006-3010
7 Oct 202500:30
euvd
NVD		CVE-2006-3013
19 Jun 200610:02
nvd
Packet Storm		rt-sa-2006-005.txt
25 Jun 200600:00
packetstorm
securityvulns		[Full-disclosure] Advisory: Unauthorized password recovery in phpBannerExchange
15 Jun 200600:00
securityvulns
NVD
Node
eschew.netphpbannerexchangeMatch2.0
OR
eschew.netphpbannerexchangeMatch2.0_update_1
OR
eschew.netphpbannerexchangeMatch2.0_update_2
OR
eschew.netphpbannerexchangeMatch2.0_update_3
OR
eschew.netphpbannerexchangeMatch2.0_update_4
OR
eschew.netphpbannerexchangeMatch2.0_update_5
ParameterPositionPathDescriptionCWE
emailquery param/phpbe/resetpw.phpSQL injection via email parameter using null byte to bypass validationCWE-89
emailquery param/phpbe/resetpw.phpSQL injection via email parameter with null byte or via id parameter to manipulate reset queryCWE-89
idquery param/phpbe/resetpw.phpSQL injection via email parameter with null byte or via id parameter to manipulate reset queryCWE-89

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
16 Apr 2026 00:27Current
8.1High risk
Vulners AI Score8.1
CVSS 25.1
EPSS0.0381
cve20063013interpretation conflictresetpw.phpphpbannerexchangesql injectionremote attackphp commandvulnerability
38