CVE-2006-2915 - OpenCVE

Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) hideemail, (2) languagex, (3) xthetimeoffset, and (4) xthetimeformat parameters during account registration.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:H/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Deluxebb	Deluxebb

Configuration 1 [-]

cpe:2.3:a:deluxebb:deluxebb:1.06:*:*:*:*:*:*:*

References

Link	Resource
http://secunia.com/advisories/20152	Vendor Advisory
http://secunia.com/secunia_research/2006-44/advisory	Vendor Advisory
http://securityreason.com/securityalert/1134
http://securitytracker.com/id?1016309
http://www.osvdb.org/26457
http://www.securityfocus.com/archive/1/437228/100/100/threaded
http://www.securityfocus.com/archive/1/438597/100/0/threaded
http://www.securityfocus.com/bid/18453
http://www.vupen.com/english/advisories/2006/2347
https://exchange.xforce.ibmcloud.com/vulnerabilities/27091

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: flexera

Published: 2006-06-23T20:00:00

Updated: 2018-10-18T14:57:01

Reserved: 2006-06-08T00:00:00

Link: CVE-2006-2915

JSON object: View

NVD Information

Status : Modified

Published: 2006-06-23T20:06:00.000

Modified: 2018-10-18T16:43:40.577

Link: CVE-2006-2915

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-06-14T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) hideemail, (2) languagex, (3) xthetimeoffset, and (4) xthetimeformat parameters during account registration."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera"}, "references": [{"name": "20060628 Secunia Research: DeluxeBB SQL Injection and File InclusionVulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/438597/100/0/threaded"}, {"name": "26457", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/26457"}, {"name": "20152", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20152"}, {"name": "1016309", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016309"}, {"tags": ["x_refsource_MISC"], "url": "http://secunia.com/secunia_research/2006-44/advisory"}, {"name": "ADV-2006-2347", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2347"}, {"name": "18453", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18453"}, {"name": "20060614 Secunia Research: DeluxeBB SQL Injection and File InclusionVulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/437228/100/100/threaded"}, {"name": "1134", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1134"}, {"name": "deluxebb-accountreg-sql-injection(27091)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27091"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2006-2915", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) hideemail, (2) languagex, (3) xthetimeoffset, and (4) xthetimeformat parameters during account registration."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20060628 Secunia Research: DeluxeBB SQL Injection and File InclusionVulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/438597/100/0/threaded"}, {"name": "26457", "refsource": "OSVDB", "url": "http://www.osvdb.org/26457"}, {"name": "20152", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20152"}, {"name": "1016309", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016309"}, {"name": "http://secunia.com/secunia_research/2006-44/advisory", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2006-44/advisory"}, {"name": "ADV-2006-2347", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2347"}, {"name": "18453", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18453"}, {"name": "20060614 Secunia Research: DeluxeBB SQL Injection and File InclusionVulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/437228/100/100/threaded"}, {"name": "1134", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1134"}, {"name": "deluxebb-accountreg-sql-injection(27091)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27091"}]}}}}, "cveMetadata": {"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2006-2915", "datePublished": "2006-06-23T20:00:00", "dateReserved": "2006-06-08T00:00:00", "dateUpdated": "2018-10-18T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:deluxebb:deluxebb:1.06:*:*:*:*:*:*:*", "matchCriteriaId": "37F38906-2E8F-40E4-A03B-8121FDEF903C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) hideemail, (2) languagex, (3) xthetimeoffset, and (4) xthetimeformat parameters during account registration."}, {"lang": "es", "value": "Multiples vulnerabilidades de inyecci\u00f3n SQL en DeluxeBB v1.06 permite a los atacantes remotos ejecutar comandos SQL a su elecci\u00f3n a trav\u00e9s de los par\u00e1metros (1) hideemail, (2) languagex, (3) xthetimeoffset, y (4) xthetimeformat durante el registro de la cuenta."}], "id": "CVE-2006-2915", "lastModified": "2018-10-18T16:43:40.577", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-06-23T20:06:00.000", "references": [{"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20152"}, {"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/secunia_research/2006-44/advisory"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://securityreason.com/securityalert/1134"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://securitytracker.com/id?1016309"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.osvdb.org/26457"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/archive/1/437228/100/100/threaded"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/archive/1/438597/100/0/threaded"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/bid/18453"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.vupen.com/english/advisories/2006/2347"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27091"}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}