CVE-2006-1051

critical

Description

SQL injection vulnerability in Akarru Social BookMarking Engine before 0.4.3.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors, possibly involving the username parameter to akarru.lib/users.php.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/25115

http://www.vupen.com/english/advisories/2006/0841

http://www.securityfocus.com/bid/16989

http://sourceforge.net/project/shownotes.php?release_id=398713&group_id=155783

http://secunia.com/advisories/19112

Details

Source: Mitre, NVD

Published: 2006-03-07

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00596