CVE-2006-1638

critical

Description

Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter to (a) accounts.php, (b) changep.php, (c) editac.php, (d) feedback.php, (e) fpass.php, (f) login.php, (g) post.php, (h) reply.php, or (i) reply_log.php; (2) p parameter to (j) dpost.php; (3) c parameter to (k) list.php or (l) ndis.php; or (4) q parameter to (m) search.php.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/25587

http://www.vupen.com/english/advisories/2006/1197

http://www.securityfocus.com/bid/17352

http://www.securityfocus.com/archive/1/431064/100/0/threaded

http://www.osvdb.org/24352

http://www.osvdb.org/24351

http://www.osvdb.org/24350

http://www.osvdb.org/24349

http://www.osvdb.org/24348

http://www.osvdb.org/24347

http://www.osvdb.org/24346

http://www.osvdb.org/24345

http://www.osvdb.org/24344

http://www.osvdb.org/24343

http://www.osvdb.org/24342

http://www.osvdb.org/24341

http://www.osvdb.org/24340

http://secunia.com/advisories/19486

http://evuln.com/vulns/117/summary.html

Details

Source: Mitre, NVD

Published: 2006-04-06

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.01922