CVE-2006-5736

2006-11-06T18:07:00
ID CVE-2006-5736
Type cve
Reporter cve@mitre.org
Modified 2018-10-17T21:44:00

Description

SQL injection vulnerability in search.php in PunBB before 1.2.14, when the PHP installation is vulnerable to CVE-2006-3017, allows remote attackers to execute arbitrary SQL commands via the result_list array parameter, which is not initialized. Successful exploitation requires that "register_globals" is enabled. This vulnerability is addressed in the following product release: PunBB, PunBB, 1.2.14