CVE-2006-6090

critical

Description

Multiple SQL injection vulnerabilities in BaalAsp forum allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to (a) adminlogin.asp, the (2) name or (3) password parameter to (b) userlogin.asp, or the (3) search parameter to search.asp.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/30343

https://exchange.xforce.ibmcloud.com/vulnerabilities/30342

http://www.vupen.com/english/advisories/2006/4579

http://www.securityfocus.com/archive/1/451846/100/100/threaded

http://securityreason.com/securityalert/1913

http://secunia.com/advisories/22943

Details

Source: Mitre, NVD

Published: 2006-11-24

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00967