CVE-2006-3994: SQL Injection
First published: Sat Aug 05 2006(Updated: )
SQL injection vulnerability in the u2u_send_recp function in u2u.inc.php in XMB (aka extreme message board) 1.9.6 Alpha and earlier allows remote attackers to execute arbitrary SQL commands via the u2uid parameter to u2u.php, which is directly accessed from $_POST and bypasses the protection scheme.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| XMB Forum | <=1.9.6_alpha |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2006-3994?
CVE-2006-3994 has a medium severity rating due to its SQL injection vulnerability.
How do I fix CVE-2006-3994?
To fix CVE-2006-3994, upgrade to a version of XMB Forum later than 1.9.6 Alpha.
What software is affected by CVE-2006-3994?
CVE-2006-3994 affects XMB Forum version 1.9.6 Alpha and earlier.
Can CVE-2006-3994 be exploited remotely?
Yes, CVE-2006-3994 can be exploited remotely by attackers sending specially crafted requests.
What type of vulnerability is CVE-2006-3994?
CVE-2006-3994 is classified as an SQL injection vulnerability.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/author
- agent/severity
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/xmb software
- canonical/xmb forum
- version/xmb forum/1.9.6_alpha