Vulnerabilities > CVE-2006-4367 - SQL Injection vulnerability in All Topics phpBB module
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
SQL injection vulnerability in alltopics.php in the All Topics Hack 1.5.0 and earlier for phpBB 2.0.21 allows remote attackers to execute arbitrary SQL commands via the start parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
D2sec
name | phpBB alltopics.php SQLI |
url | http://www.d2sec.com/exploits/phpbb_alltopics.php_sqli.html |
Exploit-Db
description | phpBB All Topics Mod <= 1.5.0 (start) Remote SQL Injection Exploit. CVE-2006-4367. Webapps exploit for php platform |
file | exploits/php/webapps/2248.pl |
id | EDB-ID:2248 |
last seen | 2016-01-31 |
modified | 2006-08-23 |
platform | php |
port | |
published | 2006-08-23 |
reporter | SpiderZ |
source | https://www.exploit-db.com/download/2248/ |
title | phpBB All Topics Mod <= 1.5.0 - start Remote SQL Injection Exploit |
type | webapps |