Vulnerability Description
SQL injection vulnerability in function/showprofile.php in FlexBB 0.5.5 allows remote attackers to execute arbitrary SQL commands, and view all usernames and passwords, via the id parameter to the showprofile page in index.php.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Flexbb | Flexbb | 0.5.5 |
References
- http://www.osvdb.org/24867
- http://www.securityfocus.com/archive/1/431793/100/0/threaded
- http://www.securityfocus.com/bid/17574
- http://www.osvdb.org/24867
- http://www.securityfocus.com/archive/1/431793/100/0/threaded
- http://www.securityfocus.com/bid/17574
FAQ
What is CVE-2006-2034?
CVE-2006-2034 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in function/showprofile.php in FlexBB 0.5.5 allows remote attackers to execute arbitrary SQL commands, and view all usernames and passwords, via the id parameter to the sho...
How severe is CVE-2006-2034?
CVE-2006-2034 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2034?
Check the references section above for vendor advisories and patch information. Affected products include: Flexbb Flexbb.