7.5

CVE-2006-3994

Exploit

EPSS 0.9%
Veröffentlicht 05.08.2006 00:04:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

SQL injection vulnerability in the u2u_send_recp function in u2u.inc.php in XMB (aka extreme message board) 1.9.6 Alpha and earlier allows remote attackers to execute arbitrary SQL commands via the u2uid parameter to u2u.php, which is directly accessed from $_POST and bypasses the protection scheme.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Xmb Software ≫ Xmb Forum Version <= 1.9.6_alpha

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.9%	0.747

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

https://docs.xmbforum2.com/index.php?title=Security_Issue_History

http://secunia.com/advisories/21293

Vendor Advisory

http://www.securityfocus.com/bid/19280

Exploit

http://www.vupen.com/english/advisories/2006/3088

https://exchange.xforce.ibmcloud.com/vulnerabilities/28159

https://www.exploit-db.com/exploits/2105

https://nvd.nist.gov/vuln/detail/CVE-2006-3994

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-3994

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-3994

EUVD