Published: 19/06/2006 Updated: 18/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SQL injection vulnerability in phpBannerExchange prior to 2.0 Update 6 allows remote malicious users to execute arbitrary SQL commands via the (1) login parameter in (a) client/stats.php and (b) admin/stats.php, or the (2) pass parameter in client/stats.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
eschew.net phpbannerexchange 2.0_update_1
eschew.net phpbannerexchange 2.0_update_2
eschew.net phpbannerexchange 2.0_update_5
eschew.net phpbannerexchange 2.0
eschew.net phpbannerexchange 2.0_update_3
eschew.net phpbannerexchange 2.0_update_4

RedTeam has identified two SQL injections in phpBannerExchange versions 20 RC5 and below It is possible to bypass user authentication with them ...

NVD-CWE-Other http://www.redteam-pentesting.de/advisories/rt-sa-2006-004.txt http://www.eschew.net/scripts/phpbe/2.0/releasenotes.php http://www.securityfocus.com/bid/18448 http://www.osvdb.org/26510 http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046954.html http://www.vupen.com/english/advisories/2006/2402 https://exchange.xforce.ibmcloud.com/vulnerabilities/27195 http://www.securityfocus.com/archive/1/437290/100/0/threaded https://nvd.nist.gov https://packetstormsecurity.com/files/47616/rt-sa-2006-004.txt.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-3012

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect