Vulnerabilities > CVE-2006-3940 - SQL Injection vulnerability in PHPbb Group PHPbb-Auction 1.0M/1.2M/1.3M
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via (1) the ar parameter in auction_room.php and (2) the u parameter in auction_store.php. NOTE: the auction_rating.php vector is already covered by CVE-2005-1234. NOTE: the original disclosure states that the product name is "PHP-Auction", but this is probably an error.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Exploit-Db
description phpbb-auction 1.x auction_room.php ar Parameter SQL Injection. CVE-2006-3940. Webapps exploit for php platform id EDB-ID:28281 last seen 2016-02-03 modified 2006-07-26 published 2006-07-26 reporter l2odon source https://www.exploit-db.com/download/28281/ title phpbb-auction 1.x auction_room.php ar Parameter SQL Injection description phpbb-auction 1.x auction_store.php u Parameter SQL Injection. CVE-2006-3940. Webapps exploit for php platform id EDB-ID:28282 last seen 2016-02-03 modified 2006-07-26 published 2006-07-26 reporter l2odon source https://www.exploit-db.com/download/28282/ title phpbb-auction 1.x auction_store.php u Parameter SQL Injection