CVE-2006-0778 - OpenCVE

Multiple SQL injection vulnerabilities in XMB Forums 1.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) $u2u_select array parameter to u2u.inc.php and (2) $val variable (fidpw0 cookie value) in today.php.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Xmb Forum	Xmb

Configuration 1 [-]

cpe:2.3:a:xmb_forum:xmb:*:*:*:*:*:*:*:*

References

Link	Resource
http://secunia.com/advisories/18821	Vendor Advisory
http://www.gulftech.org/?node=research&article_id=00100-02122006	Exploit Vendor Advisory
http://www.osvdb.org/23117
http://www.osvdb.org/23118
http://www.securityfocus.com/archive/1/425084/100/0/threaded
http://www.securityfocus.com/bid/16604
http://www.vupen.com/english/advisories/2006/0529
http://www.xmbforum.com/
https://docs.xmbforum2.com/index.php?title=Security_Issue_History
https://exchange.xforce.ibmcloud.com/vulnerabilities/24646

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-02-19T00:00:00

Updated: 2021-04-29T14:36:25

Reserved: 2006-02-18T00:00:00

Link: CVE-2006-0778

JSON object: View

NVD Information

Status : Modified

Published: 2006-02-19T00:02:00.000

Modified: 2021-04-29T15:15:09.977

Link: CVE-2006-0778

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-02-12T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in XMB Forums 1.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) $u2u_select array parameter to u2u.inc.php and (2) $val variable (fidpw0 cookie value) in today.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-04-29T14:36:25", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20060212 XMB Forums Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/425084/100/0/threaded"}, {"name": "ADV-2006-0529", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/0529"}, {"name": "23118", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/23118"}, {"name": "16604", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/16604"}, {"name": "xmbforum-multiple-sql-injection(24646)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24646"}, {"name": "18821", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18821"}, {"name": "23117", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/23117"}, {"tags": ["x_refsource_MISC"], "url": "http://www.xmbforum.com/"}, {"tags": ["x_refsource_MISC"], "url": "http://www.gulftech.org/?node=research&article_id=00100-02122006"}, {"tags": ["x_refsource_MISC"], "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0778", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in XMB Forums 1.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) $u2u_select array parameter to u2u.inc.php and (2) $val variable (fidpw0 cookie value) in today.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20060212 XMB Forums Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/425084/100/0/threaded"}, {"name": "ADV-2006-0529", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0529"}, {"name": "23118", "refsource": "OSVDB", "url": "http://www.osvdb.org/23118"}, {"name": "16604", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16604"}, {"name": "xmbforum-multiple-sql-injection(24646)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24646"}, {"name": "18821", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18821"}, {"name": "23117", "refsource": "OSVDB", "url": "http://www.osvdb.org/23117"}, {"name": "http://www.xmbforum.com/", "refsource": "MISC", "url": "http://www.xmbforum.com/"}, {"name": "http://www.gulftech.org/?node=research&article_id=00100-02122006", "refsource": "MISC", "url": "http://www.gulftech.org/?node=research&article_id=00100-02122006"}, {"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History", "refsource": "MISC", "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0778", "datePublished": "2006-02-19T00:00:00", "dateReserved": "2006-02-18T00:00:00", "dateUpdated": "2021-04-29T14:36:25", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xmb_forum:xmb:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E1D3271-7AF8-4993-95A1-AA4A0323E31E", "versionEndIncluding": "1.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in XMB Forums 1.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) $u2u_select array parameter to u2u.inc.php and (2) $val variable (fidpw0 cookie value) in today.php."}], "id": "CVE-2006-0778", "lastModified": "2021-04-29T15:15:09.977", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-02-19T00:02:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/18821"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.gulftech.org/?node=research&article_id=00100-02122006"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/23117"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/23118"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/425084/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/16604"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0529"}, {"source": "cve@mitre.org", "url": "http://www.xmbforum.com/"}, {"source": "cve@mitre.org", "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24646"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "XMB versions 1.9.8 and later were checked and are not vulnerable. Upgrades are available at https://www.xmbforum2.com/", "lastModified": "2021-04-23T12:32:23.683", "organization": "XMB"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}