CVE-2006-2915

Published Jun 23, 2006

Last updated 6 years ago

Overview

Description: Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) hideemail, (2) languagex, (3) xthetimeoffset, and (4) xthetimeformat parameters during account registration.
Source: PSIRT-CNA@flexerasoftware.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 5.1
Impact score: 6.4
Exploitability score: 4.9
Vector string: AV:N/AC:H/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:deluxebb:deluxebb:1.06:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37F38906-2E8F-40E4-A03B-8121FDEF903C"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

https://nvd.nist.gov/vuln/detail/CVE-2006-2915
http://secunia.com/advisories/20152
http://secunia.com/secunia_research/2006-44/advisory
http://securityreason.com/securityalert/1134
http://securitytracker.com/id?1016309
http://www.osvdb.org/26457
http://www.securityfocus.com/archive/1/437228/100/100/threaded
http://www.securityfocus.com/archive/1/438597/100/0/threaded
http://www.securityfocus.com/bid/18453
http://www.vupen.com/english/advisories/2006/2347
https://exchange.xforce.ibmcloud.com/vulnerabilities/27091

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References