7.5

CVE-2006-3994

Exploit

EPSS 0.9%
Published 05.08.2006 00:04:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

SQL injection vulnerability in the u2u_send_recp function in u2u.inc.php in XMB (aka extreme message board) 1.9.6 Alpha and earlier allows remote attackers to execute arbitrary SQL commands via the u2uid parameter to u2u.php, which is directly accessed from $_POST and bypasses the protection scheme.

Affected products Warnungen 0 Metrics 2 CWE 0 References 9

Data is provided by the National Vulnerability Database (NVD)

Xmb Software ≫ Xmb Forum Version <= 1.9.6_alpha

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.9%	0.747

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

https://docs.xmbforum2.com/index.php?title=Security_Issue_History

http://secunia.com/advisories/21293

Vendor Advisory

http://www.securityfocus.com/bid/19280

Exploit

http://www.vupen.com/english/advisories/2006/3088

https://exchange.xforce.ibmcloud.com/vulnerabilities/28159

https://www.exploit-db.com/exploits/2105

https://nvd.nist.gov/vuln/detail/CVE-2006-3994

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-3994

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-3994

EUVD