2 matches found
CVE-2006-3994
SQL injection vulnerability in the u2usendrecp function in u2u.inc.php in XMB aka extreme message board 1.9.6 Alpha and earlier allows remote attackers to execute arbitrary SQL commands via the u2uid parameter to u2u.php, which is directly accessed from $POST and bypasses the protection scheme...
CVE-2006-3994
XMB has a SQL injection vulnerability CVE-2006-3994 in the u2u_send_recp function of u2u.inc.php (v1.9.6 Alpha and earlier). The u2uid parameter to u2u.php, which is read directly from $_POST, can be used to execute arbitrary SQL commands, bypassing the protection scheme. Affected software: XMB (...