SQL Injection Vulnerability in Powie's PHP Forum by Powie
CVE-2006-6038

Currently unrated

Key Information:

Vendor: Powie
Status: Pforum
Vendor: CVE Published:; 22 November 2006

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2006-6038?

The SQL injection vulnerability in the editpoll.php file of Powie's PHP Forum (version 1.29a and earlier) allows remote attackers to manipulate database queries through the 'id' parameter. This exploitation can lead to unauthorized access to sensitive data, unauthorized actions, and potentially complete database compromise. Organizations using affected versions are urged to implement security measures and upgrade to secure versions to mitigate risks.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2006-6038 - Proof of Concept

References

http://www.securityfocus.com/bid/21144

vdb-entryx_refsource_BID

https://www.exploit-db.com/exploits/2797

exploitx_refsource_EXPLOIT-DB

http://www.vupen.com/english/advisories/2006/4607

vdb-entryx_refsource_VUPEN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Nov 22, 2006
👾
Exploit known to exist
Nov 22, 2006
Vulnerability published
Nov 22, 2006
Vulnerability Reserved
Nov 21, 2006

CVE-2006-6038 Data

JSON