Vulnerabilities > Eschew NET > Phpbannerexchange > 2.0.update.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-06-19 | CVE-2006-3013 | SQL Injection vulnerability in phpBannerExchange Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via an email parameter containing a null (%00) character after a valid e-mail address, which passes the validation check in the eregi PHP command. | 5.1 |
2006-06-19 | CVE-2006-3012 | SQL Injection vulnerability in phpBannerExchange SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via the (1) login parameter in (a) client/stats.php and (b) admin/stats.php, or the (2) pass parameter in client/stats.php. | 7.5 |