Lucene search
MitreCVELIST:CVE-2006-6289HistoryDec 05, 2006 - 11:00 a.m.
CVE-2006-6289
2006-12-0511:00:00
mitre
www.cve.org
Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter’s hash value, which allows remote attackers to execute arbitrary SQL commands via the wbb_userid parameter to the top-level URI. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in wBB Lite.
Related
cve
cve
nvd
nvd
ubuntucve
ubuntucve
nessus
nessus
PmWiki < 2.1.21 Global Variables Overwriting
2006-09-06 00:00:00
WoltLab Burning Board Lite wbb_userid Parameter PHP Unset SQL Injection
2006-11-27 00:00:00
e107 ibrowser.php zend_has_del() Function Remote Code Execution
2006-09-02 00:00:00
cvelist
cvelist
prion
prion
Command injection
2007-10-09 18:17:00
Sql injection
2007-01-13 02:28:00
Sql injection
2009-09-11 16:30:00
suse
suse
bug fix in php4
2006-06-22 15:32:39
remote code execution in PHP4,PHP5
2006-06-14 16:37:08
debiancve
debiancve
CVE-2006-5116
2006-10-03 04:03:00
CVE-2007-0233
2007-01-13 02:28:00
redhat
redhat
(RHSA-2006:0567) php security update
2006-07-25 00:00:00
(RHSA-2006:0568) php security update
2006-07-12 00:00:00
centos
centos
php security update
2006-07-26 22:56:15
php security update
2006-07-12 19:14:58
openvas
openvas
Debian Security Advisory DSA 1206-1 (php4)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1206-1)
2008-01-17 00:00:00
Ubuntu: Security Advisory (USN-320-1)
2022-08-26 00:00:00
debian
debian
[SECURITY] [DSA 1206-1] New php4 packages fix several vulnerabilities
2006-11-06 18:13:12
osv
osv
php4
2006-11-06 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2006-07-19 00:00:00