ID CVE-2006-3494 Type cve Reporter cve@mitre.org Modified 2018-10-18T16:47:00
Description
Multiple cross-site scripting (XSS) vulnerabilities in Buddy Zone 1.0.1 allow remote attackers to inject arbitrary HTML and web script via the (1) cat_id parameter to (a) view_classifieds.php; (2) id parameter in (b) view_ad.php; (3) event_id parameter in (c) view_event.php, (d) delete_event.php, and (e) edit_event.php; and (4) group_id in (f) view_group.php.
{"osvdb": [{"lastseen": "2017-04-28T13:20:23", "bulletinFamily": "software", "description": "## Vulnerability Description\nBuddy Zone contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the view_classifieds.php script not properly sanitizing user-supplied input to the 'cat_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n\nAdditionally, if a failed query is performed, the program will disclose the softwares installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nBuddy Zone contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the view_classifieds.php script not properly sanitizing user-supplied input to the 'cat_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n\nAdditionally, if a failed query is performed, the program will disclose the softwares installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.\n## Manual Testing Notes\nhttp://[target]/view_classifieds.php?cat_id=8'\n## References:\nVendor URL: http://www.vastal.com/buddy-zone-social-networking-script.html\n[Secunia Advisory ID:20933](https://secuniaresearch.flexerasoftware.com/advisories/20933/)\n[Related OSVDB ID: 26981](https://vulners.com/osvdb/OSVDB:26981)\n[Related OSVDB ID: 26982](https://vulners.com/osvdb/OSVDB:26982)\n[Related OSVDB ID: 26983](https://vulners.com/osvdb/OSVDB:26983)\n[Related OSVDB ID: 26986](https://vulners.com/osvdb/OSVDB:26986)\n[Related OSVDB ID: 26979](https://vulners.com/osvdb/OSVDB:26979)\n[Related OSVDB ID: 26985](https://vulners.com/osvdb/OSVDB:26985)\n[Related OSVDB ID: 26984](https://vulners.com/osvdb/OSVDB:26984)\n[Related OSVDB ID: 26987](https://vulners.com/osvdb/OSVDB:26987)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0011.html\nISS X-Force ID: 27514\nISS X-Force ID: 27515\nFrSIRT Advisory: ADV-2006-2645\n[CVE-2006-3494](https://vulners.com/cve/CVE-2006-3494)\n", "modified": "2006-06-30T09:33:59", "published": "2006-06-30T09:33:59", "href": "https://vulners.com/osvdb/OSVDB:26980", "id": "OSVDB:26980", "title": "Buddy Zone view_classifieds.php cat_id Variable SQL Injection", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:23", "bulletinFamily": "software", "description": "## Vulnerability Description\nBuddy Zone contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate form fields upon submission to the view_group.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 1.0.1 (2006-07-15) or higher, as it has been reported to fix this vulnerability. Note that this flaw was fixed in the July 15, 2006 release without a change in version number. An upgrade is required as there are no known workarounds.\n## Short Description\nBuddy Zone contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate form fields upon submission to the view_group.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://www.vastal.com/buddy-zone-social-networking-script.html\n[Secunia Advisory ID:20933](https://secuniaresearch.flexerasoftware.com/advisories/20933/)\n[Related OSVDB ID: 26990](https://vulners.com/osvdb/OSVDB:26990)\n[Related OSVDB ID: 26991](https://vulners.com/osvdb/OSVDB:26991)\n[Related OSVDB ID: 26986](https://vulners.com/osvdb/OSVDB:26986)\n[Related OSVDB ID: 26988](https://vulners.com/osvdb/OSVDB:26988)\n[Related OSVDB ID: 26989](https://vulners.com/osvdb/OSVDB:26989)\n[Related OSVDB ID: 26979](https://vulners.com/osvdb/OSVDB:26979)\n[Related OSVDB ID: 26992](https://vulners.com/osvdb/OSVDB:26992)\n[Related OSVDB ID: 26987](https://vulners.com/osvdb/OSVDB:26987)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0011.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0245.html\nISS X-Force ID: 27512\nFrSIRT Advisory: ADV-2006-2645\n[CVE-2006-3494](https://vulners.com/cve/CVE-2006-3494)\nBugtraq ID: 18759\n", "modified": "2006-06-30T09:33:59", "published": "2006-06-30T09:33:59", "href": "https://vulners.com/osvdb/OSVDB:26993", "id": "OSVDB:26993", "title": "Buddy Zone view_group.php XSS", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:23", "bulletinFamily": "software", "description": "## Vulnerability Description\nBuddy Zone contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the delete_event.php script not properly sanitizing user-supplied input to the 'event_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n\nAdditionally, if a failed query is performed, the program will disclose the softwares installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nBuddy Zone contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the delete_event.php script not properly sanitizing user-supplied input to the 'event_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n\nAdditionally, if a failed query is performed, the program will disclose the softwares installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.\n## Manual Testing Notes\nhttp://[target]/delete_event.php?event_id='\n## References:\nVendor URL: http://www.vastal.com/buddy-zone-social-networking-script.html\n[Secunia Advisory ID:20933](https://secuniaresearch.flexerasoftware.com/advisories/20933/)\n[Related OSVDB ID: 26981](https://vulners.com/osvdb/OSVDB:26981)\n[Related OSVDB ID: 26982](https://vulners.com/osvdb/OSVDB:26982)\n[Related OSVDB ID: 26986](https://vulners.com/osvdb/OSVDB:26986)\n[Related OSVDB ID: 26979](https://vulners.com/osvdb/OSVDB:26979)\n[Related OSVDB ID: 26985](https://vulners.com/osvdb/OSVDB:26985)\n[Related OSVDB ID: 26980](https://vulners.com/osvdb/OSVDB:26980)\n[Related OSVDB ID: 26984](https://vulners.com/osvdb/OSVDB:26984)\n[Related OSVDB ID: 26987](https://vulners.com/osvdb/OSVDB:26987)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0011.html\nISS X-Force ID: 27514\nISS X-Force ID: 27515\nFrSIRT Advisory: ADV-2006-2645\n[CVE-2006-3494](https://vulners.com/cve/CVE-2006-3494)\n", "modified": "2006-06-30T09:33:59", "published": "2006-06-30T09:33:59", "href": "https://vulners.com/osvdb/OSVDB:26983", "id": "OSVDB:26983", "title": "Buddy Zone delete_event.php event_id Variable SQL Injection", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:23", "bulletinFamily": "software", "description": "## Vulnerability Description\nBuddy Zone contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the view_event.php script not properly sanitizing user-supplied input to the 'event_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n\nAdditionally, if a failed query is performed, the program will disclose the softwares installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nBuddy Zone contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the view_event.php script not properly sanitizing user-supplied input to the 'event_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n\nAdditionally, if a failed query is performed, the program will disclose the softwares installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.\n## Manual Testing Notes\nhttp://[target]/view_event.php?event_id=8'\n## References:\nVendor URL: http://www.vastal.com/buddy-zone-social-networking-script.html\n[Secunia Advisory ID:20933](https://secuniaresearch.flexerasoftware.com/advisories/20933/)\n[Related OSVDB ID: 26981](https://vulners.com/osvdb/OSVDB:26981)\n[Related OSVDB ID: 26983](https://vulners.com/osvdb/OSVDB:26983)\n[Related OSVDB ID: 26986](https://vulners.com/osvdb/OSVDB:26986)\n[Related OSVDB ID: 26979](https://vulners.com/osvdb/OSVDB:26979)\n[Related OSVDB ID: 26985](https://vulners.com/osvdb/OSVDB:26985)\n[Related OSVDB ID: 26980](https://vulners.com/osvdb/OSVDB:26980)\n[Related OSVDB ID: 26984](https://vulners.com/osvdb/OSVDB:26984)\n[Related OSVDB ID: 26987](https://vulners.com/osvdb/OSVDB:26987)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0011.html\nISS X-Force ID: 27514\nISS X-Force ID: 27515\nFrSIRT Advisory: ADV-2006-2645\n[CVE-2006-3494](https://vulners.com/cve/CVE-2006-3494)\n", "modified": "2006-06-30T09:33:59", "published": "2006-06-30T09:33:59", "href": "https://vulners.com/osvdb/OSVDB:26982", "id": "OSVDB:26982", "title": "Buddy Zone view_event.php event_id Variable SQL Injection", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:23", "bulletinFamily": "software", "description": "## Vulnerability Description\nBuddy Zone contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the view_group.php script not properly sanitizing user-supplied input to the 'group_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n\nAdditionally, if a failed query is performed, the program will disclose the softwares installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nBuddy Zone contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the view_group.php script not properly sanitizing user-supplied input to the 'group_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n\nAdditionally, if a failed query is performed, the program will disclose the softwares installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.\n## Manual Testing Notes\nhttp://[target]/view_group.php?group_id='\n## References:\nVendor URL: http://www.vastal.com/buddy-zone-social-networking-script.html\n[Secunia Advisory ID:20933](https://secuniaresearch.flexerasoftware.com/advisories/20933/)\n[Related OSVDB ID: 26981](https://vulners.com/osvdb/OSVDB:26981)\n[Related OSVDB ID: 26982](https://vulners.com/osvdb/OSVDB:26982)\n[Related OSVDB ID: 26983](https://vulners.com/osvdb/OSVDB:26983)\n[Related OSVDB ID: 26986](https://vulners.com/osvdb/OSVDB:26986)\n[Related OSVDB ID: 26979](https://vulners.com/osvdb/OSVDB:26979)\n[Related OSVDB ID: 26980](https://vulners.com/osvdb/OSVDB:26980)\n[Related OSVDB ID: 26984](https://vulners.com/osvdb/OSVDB:26984)\n[Related OSVDB ID: 26987](https://vulners.com/osvdb/OSVDB:26987)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0011.html\nISS X-Force ID: 27514\nISS X-Force ID: 27515\nFrSIRT Advisory: ADV-2006-2645\n[CVE-2006-3494](https://vulners.com/cve/CVE-2006-3494)\n", "modified": "2006-06-30T09:33:59", "published": "2006-06-30T09:33:59", "href": "https://vulners.com/osvdb/OSVDB:26985", "id": "OSVDB:26985", "title": "Buddy Zone view_group.php group_id Variable SQL Injection", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:23", "bulletinFamily": "software", "description": "## Vulnerability Description\nBuddy Zone contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the edit_event.php script not properly sanitizing user-supplied input to the 'event_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n\nAdditionally, if a failed query is performed, the program will disclose the softwares installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nBuddy Zone contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the edit_event.php script not properly sanitizing user-supplied input to the 'event_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n\nAdditionally, if a failed query is performed, the program will disclose the softwares installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.\n## Manual Testing Notes\nhttp://[target]/edit_event.php?event_id='\n## References:\nVendor URL: http://www.vastal.com/buddy-zone-social-networking-script.html\n[Secunia Advisory ID:20933](https://secuniaresearch.flexerasoftware.com/advisories/20933/)\n[Related OSVDB ID: 26981](https://vulners.com/osvdb/OSVDB:26981)\n[Related OSVDB ID: 26982](https://vulners.com/osvdb/OSVDB:26982)\n[Related OSVDB ID: 26983](https://vulners.com/osvdb/OSVDB:26983)\n[Related OSVDB ID: 26986](https://vulners.com/osvdb/OSVDB:26986)\n[Related OSVDB ID: 26979](https://vulners.com/osvdb/OSVDB:26979)\n[Related OSVDB ID: 26985](https://vulners.com/osvdb/OSVDB:26985)\n[Related OSVDB ID: 26980](https://vulners.com/osvdb/OSVDB:26980)\n[Related OSVDB ID: 26987](https://vulners.com/osvdb/OSVDB:26987)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0011.html\nISS X-Force ID: 27514\nISS X-Force ID: 27515\nFrSIRT Advisory: ADV-2006-2645\n[CVE-2006-3494](https://vulners.com/cve/CVE-2006-3494)\n", "modified": "2006-06-30T09:33:59", "published": "2006-06-30T09:33:59", "href": "https://vulners.com/osvdb/OSVDB:26984", "id": "OSVDB:26984", "title": "Buddy Zone edit_event.php event_id Variable SQL Injection", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:23", "bulletinFamily": "software", "description": "## Vulnerability Description\nBuddy Zone contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the view_ad.php script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n\nAdditionally, if a failed query is performed, the program will disclose the softwares installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nBuddy Zone contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the view_ad.php script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n\nAdditionally, if a failed query is performed, the program will disclose the softwares installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.\n## Manual Testing Notes\nhttp://[target]/view_ad.php?id=4'\n## References:\nVendor URL: http://www.vastal.com/buddy-zone-social-networking-script.html\n[Secunia Advisory ID:20933](https://secuniaresearch.flexerasoftware.com/advisories/20933/)\n[Related OSVDB ID: 26982](https://vulners.com/osvdb/OSVDB:26982)\n[Related OSVDB ID: 26983](https://vulners.com/osvdb/OSVDB:26983)\n[Related OSVDB ID: 26986](https://vulners.com/osvdb/OSVDB:26986)\n[Related OSVDB ID: 26979](https://vulners.com/osvdb/OSVDB:26979)\n[Related OSVDB ID: 26985](https://vulners.com/osvdb/OSVDB:26985)\n[Related OSVDB ID: 26980](https://vulners.com/osvdb/OSVDB:26980)\n[Related OSVDB ID: 26984](https://vulners.com/osvdb/OSVDB:26984)\n[Related OSVDB ID: 26987](https://vulners.com/osvdb/OSVDB:26987)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0011.html\nISS X-Force ID: 27514\nISS X-Force ID: 27515\nFrSIRT Advisory: ADV-2006-2645\n[CVE-2006-3494](https://vulners.com/cve/CVE-2006-3494)\n", "modified": "2006-06-30T09:33:59", "published": "2006-06-30T09:33:59", "href": "https://vulners.com/osvdb/OSVDB:26981", "id": "OSVDB:26981", "title": "Buddy Zone view_ad.php id Variable SQL Injection", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:23", "bulletinFamily": "software", "description": "## Vulnerability Description\nBuddy Zone contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate form fields upon submission to the view_event.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 1.0.1 (2006-07-15) or higher, as it has been reported to fix this vulnerability. Note that this flaw was fixed in the July 15, 2006 release without a change in version number. An upgrade is required as there are no known workarounds.\n## Short Description\nBuddy Zone contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate form fields upon submission to the view_event.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://www.vastal.com/buddy-zone-social-networking-script.html\n[Secunia Advisory ID:20933](https://secuniaresearch.flexerasoftware.com/advisories/20933/)\n[Related OSVDB ID: 26991](https://vulners.com/osvdb/OSVDB:26991)\n[Related OSVDB ID: 26986](https://vulners.com/osvdb/OSVDB:26986)\n[Related OSVDB ID: 26988](https://vulners.com/osvdb/OSVDB:26988)\n[Related OSVDB ID: 26989](https://vulners.com/osvdb/OSVDB:26989)\n[Related OSVDB ID: 26993](https://vulners.com/osvdb/OSVDB:26993)\n[Related OSVDB ID: 26979](https://vulners.com/osvdb/OSVDB:26979)\n[Related OSVDB ID: 26992](https://vulners.com/osvdb/OSVDB:26992)\n[Related OSVDB ID: 26987](https://vulners.com/osvdb/OSVDB:26987)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0011.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0245.html\nISS X-Force ID: 27512\nFrSIRT Advisory: ADV-2006-2645\n[CVE-2006-3494](https://vulners.com/cve/CVE-2006-3494)\nBugtraq ID: 18759\n", "modified": "2006-06-30T09:33:59", "published": "2006-06-30T09:33:59", "href": "https://vulners.com/osvdb/OSVDB:26990", "id": "OSVDB:26990", "title": "Buddy Zone view_event.php XSS", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:23", "bulletinFamily": "software", "description": "## Vulnerability Description\nBuddy Zone contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the view_sub_forum.php script not properly sanitizing user-supplied input to the 'main_cat' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n\nAdditionally, if a failed query is performed, the program will disclose the softwares installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nBuddy Zone contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the view_sub_forum.php script not properly sanitizing user-supplied input to the 'main_cat' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n\nAdditionally, if a failed query is performed, the program will disclose the softwares installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.\n## Manual Testing Notes\nhttp://[target]/view_sub_forum.php?main_cat='\n## References:\nVendor URL: http://www.vastal.com/buddy-zone-social-networking-script.html\n[Secunia Advisory ID:20933](https://secuniaresearch.flexerasoftware.com/advisories/20933/)\n[Related OSVDB ID: 26981](https://vulners.com/osvdb/OSVDB:26981)\n[Related OSVDB ID: 26982](https://vulners.com/osvdb/OSVDB:26982)\n[Related OSVDB ID: 26983](https://vulners.com/osvdb/OSVDB:26983)\n[Related OSVDB ID: 26986](https://vulners.com/osvdb/OSVDB:26986)\n[Related OSVDB ID: 26985](https://vulners.com/osvdb/OSVDB:26985)\n[Related OSVDB ID: 26980](https://vulners.com/osvdb/OSVDB:26980)\n[Related OSVDB ID: 26984](https://vulners.com/osvdb/OSVDB:26984)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0011.html\nISS X-Force ID: 27514\nISS X-Force ID: 27515\nFrSIRT Advisory: ADV-2006-2645\n[CVE-2006-3494](https://vulners.com/cve/CVE-2006-3494)\n", "modified": "2006-06-30T09:33:59", "published": "2006-06-30T09:33:59", "href": "https://vulners.com/osvdb/OSVDB:26979", "id": "OSVDB:26979", "title": "Buddy Zone view_sub_forum.php main_cat Variable SQL Injection", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
