Vulnerabilities > CVE-2006-3994 - Unspecified vulnerability in XMB Software XMB Forum
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
SQL injection vulnerability in the u2u_send_recp function in u2u.inc.php in XMB (aka extreme message board) 1.9.6 Alpha and earlier allows remote attackers to execute arbitrary SQL commands via the u2uid parameter to u2u.php, which is directly accessed from $_POST and bypasses the protection scheme.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | XMB <= 1.9.6 (u2uid) Remote SQL Injection Exploit (mq=off). CVE-2006-3994. Webapps exploit for php platform |
| file | exploits/php/webapps/2105.php |
| id | EDB-ID:2105 |
| last seen | 2016-01-31 |
| modified | 2006-08-01 |
| platform | php |
| port | |
| published | 2006-08-01 |
| reporter | rgod |
| source | https://www.exploit-db.com/download/2105/ |
| title | XMB <= 1.9.6 u2uid Remote SQL Injection Exploit mq=off |
| type | webapps |
Statements
| contributor | |
| lastmodified | 2008-12-11 |
| organization | XMB |
| statement | XMB versions 1.9.8 and later were checked and are not vulnerable. |