4 matches found
CVE-2006-3168
CVE-2006-3168 is a SQL injection vulnerability in CS-Forum before version 0.82. The vulnerability allows remote attackers to execute arbitrary SQL commands through input parameters: (1) id and (2) debut in read.php, and (3) search and (4) debut in index.php. The exact root cause is an inadequate ...
CVE-2006-3170
CS-Forum prior to 0.82 is vulnerable to a remote path-disclosure via index.php, caused by unspecified manipulations (collapse[] or readall) that reveal the installation path in an error message. The affected product is CS-Forum; the indicator specifies version
CVE-2006-3169
CVE-2006-3169 affects CS-Forum 0.81 and earlier. The vulnerabilities exist in the web application’s read.php (parameters msg_result, rep_titre) and ajouter.php (parameters id, parent, CSForum_nom, CSForum_mail, CSForum_url; cookie parameters) allowing cross-site scripting. Root cause: improper ha...
CVE-2006-3171
CS-Forum prior to 0.82 is affected by a CRLF injection vulnerability that lets remote attackers inject arbitrary email headers via a newline character in the email parameter of ajouter.php. The root cause is improper handling of newline characters in user-supplied input, leading to header injection. ...