Vulnerabilities > CVE-2006-3940 - SQL Injection vulnerability in PHPbb Group PHPbb-Auction 1.0M/1.2M/1.3M

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
phpbb-group
exploit available
NVD
Published: 2006-07-31
Updated: 2018-10-17

Summary

Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via (1) the ar parameter in auction_room.php and (2) the u parameter in auction_store.php. NOTE: the auction_rating.php vector is already covered by CVE-2005-1234. NOTE: the original disclosure states that the product name is "PHP-Auction", but this is probably an error.

Vulnerable Configurations

Part Description Count
Application
Phpbb_Group
3

Exploit-Db

  • descriptionphpbb-auction 1.x auction_room.php ar Parameter SQL Injection. CVE-2006-3940. Webapps exploit for php platform
    idEDB-ID:28281
    last seen2016-02-03
    modified2006-07-26
    published2006-07-26
    reporterl2odon
    sourcehttps://www.exploit-db.com/download/28281/
    titlephpbb-auction 1.x auction_room.php ar Parameter SQL Injection
  • descriptionphpbb-auction 1.x auction_store.php u Parameter SQL Injection. CVE-2006-3940. Webapps exploit for php platform
    idEDB-ID:28282
    last seen2016-02-03
    modified2006-07-26
    published2006-07-26
    reporterl2odon
    sourcehttps://www.exploit-db.com/download/28282/
    titlephpbb-auction 1.x auction_store.php u Parameter SQL Injection

References