SQL Injection Vulnerabilities in phpbb-Auction by PHP-Auction
CVE-2006-3940

Currently unrated

Key Information:

Vendor

PHPbb Group

Status
PHPbb-auction
Vendor
CVE Published:
31 July 2006

What is CVE-2006-3940?

Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands. Attackers can exploit the 'ar' parameter in auction_room.php and the 'u' parameter in auction_store.php, posing significant security risks to the affected installations. This issue highlights weaknesses in user input validation, making it crucial for users to apply necessary patches and updates to mitigate potential exploits.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/28006
vdb-entryx_refsource_XF
http://www.securityfocus.com/archive/1/441190/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/bid/19179
vdb-entryx_refsource_BID

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.