Vulnerability CVE-2006-3994


Published: 2006-08-04   Modified: 2012-02-12

Description:
SQL injection vulnerability in the u2u_send_recp function in u2u.inc.php in XMB (aka extreme message board) 1.9.6 Alpha and earlier allows remote attackers to execute arbitrary SQL commands via the u2uid parameter to u2u.php, which is directly accessed from $_POST and bypasses the protection scheme.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
Xmb software -> Xmb forum

 References:
http://www.securityfocus.com/bid/19280
http://www.vupen.com/english/advisories/2006/3088
https://exchange.xforce.ibmcloud.com/vulnerabilities/28159
https://www.exploit-db.com/exploits/2105

Copyright 2024, cxsecurity.com

 
