Vulnerabilities > CVE-2006-2915 - SQL Injection vulnerability in Deluxebb 1.06

CVSS 5.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

high complexity

deluxebb

NVD

Published: 2006-06-23

Updated: 2018-10-18

Summary

Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) hideemail, (2) languagex, (3) xthetimeoffset, and (4) xthetimeformat parameters during account registration.

Vulnerable Configurations

Part	Description	Count
Application	Deluxebb Deluxebb Deluxebb 1.06	1

Packetstorm

data source	https://packetstormsecurity.com/files/download/47543/secunia-deluxebb.txt
id	PACKETSTORM:47543
last seen	2016-12-05
published	2006-06-21
reporter	Andreas Sandblad
source	https://packetstormsecurity.com/files/47543/secunia-deluxebb.txt.html
title	secunia-deluxebb.txt

References

http://secunia.com/advisories/20152
http://secunia.com/secunia_research/2006-44/advisory
http://securityreason.com/securityalert/1134
http://securitytracker.com/id?1016309
http://www.osvdb.org/26457
http://www.securityfocus.com/archive/1/437228/100/100/threaded
http://www.securityfocus.com/archive/1/438597/100/0/threaded
http://www.securityfocus.com/bid/18453
http://www.vupen.com/english/advisories/2006/2347
https://exchange.xforce.ibmcloud.com/vulnerabilities/27091