CVE-2006-2915 - OpenCVE

Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) hideemail, (2) languagex, (3) xthetimeoffset, and (4) xthetimeformat parameters during account registration.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:H/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Deluxebb	Deluxebb

Configuration 1 [-]

cpe:2.3:a:deluxebb:deluxebb:1.06:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/20152
http://secunia.com/secunia_research/2006-44/advisory
http://securityreason.com/securityalert/1134
http://securitytracker.com/id?1016309
http://www.osvdb.org/26457
http://www.securityfocus.com/archive/1/437228/100/100/threaded
http://www.securityfocus.com/archive/1/438597/100/0/threaded
http://www.securityfocus.com/bid/18453
http://www.vupen.com/english/advisories/2006/2347
https://exchange.xforce.ibmcloud.com/vulnerabilities/27091

History

No history.

MITRE

Status: PUBLISHED

Assigner: flexera

Published: 2006-06-23T20:00:00

Updated: 2024-08-07T18:06:27.212Z

Reserved: 2006-06-08T00:00:00

Link: CVE-2006-2915

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-06-23T20:06:00.000

Modified: 2018-10-18T16:43:40.577

Link: CVE-2006-2915

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-06-14T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) hideemail, (2) languagex, (3) xthetimeoffset, and (4) xthetimeformat parameters during account registration."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera"}, "references": [{"name": "20060628 Secunia Research: DeluxeBB SQL Injection and File InclusionVulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/438597/100/0/threaded"}, {"name": "26457", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/26457"}, {"name": "20152", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20152"}, {"name": "1016309", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016309"}, {"tags": ["x_refsource_MISC"], "url": "http://secunia.com/secunia_research/2006-44/advisory"}, {"name": "ADV-2006-2347", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2347"}, {"name": "18453", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18453"}, {"name": "20060614 Secunia Research: DeluxeBB SQL Injection and File InclusionVulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/437228/100/100/threaded"}, {"name": "1134", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1134"}, {"name": "deluxebb-accountreg-sql-injection(27091)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27091"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2006-2915", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) hideemail, (2) languagex, (3) xthetimeoffset, and (4) xthetimeformat parameters during account registration."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20060628 Secunia Research: DeluxeBB SQL Injection and File InclusionVulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/438597/100/0/threaded"}, {"name": "26457", "refsource": "OSVDB", "url": "http://www.osvdb.org/26457"}, {"name": "20152", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20152"}, {"name": "1016309", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016309"}, {"name": "http://secunia.com/secunia_research/2006-44/advisory", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2006-44/advisory"}, {"name": "ADV-2006-2347", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2347"}, {"name": "18453", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18453"}, {"name": "20060614 Secunia Research: DeluxeBB SQL Injection and File InclusionVulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/437228/100/100/threaded"}, {"name": "1134", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1134"}, {"name": "deluxebb-accountreg-sql-injection(27091)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27091"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:06:27.212Z"}, "title": "CVE Program Container", "references": [{"name": "20060628 Secunia Research: DeluxeBB SQL Injection and File InclusionVulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/438597/100/0/threaded"}, {"name": "26457", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/26457"}, {"name": "20152", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20152"}, {"name": "1016309", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1016309"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://secunia.com/secunia_research/2006-44/advisory"}, {"name": "ADV-2006-2347", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/2347"}, {"name": "18453", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/18453"}, {"name": "20060614 Secunia Research: DeluxeBB SQL Injection and File InclusionVulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/437228/100/100/threaded"}, {"name": "1134", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/1134"}, {"name": "deluxebb-accountreg-sql-injection(27091)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27091"}]}]}, "cveMetadata": {"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2006-2915", "datePublished": "2006-06-23T20:00:00", "dateReserved": "2006-06-08T00:00:00", "dateUpdated": "2024-08-07T18:06:27.212Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:deluxebb:deluxebb:1.06:*:*:*:*:*:*:*", "matchCriteriaId": "37F38906-2E8F-40E4-A03B-8121FDEF903C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) hideemail, (2) languagex, (3) xthetimeoffset, and (4) xthetimeformat parameters during account registration."}, {"lang": "es", "value": "Multiples vulnerabilidades de inyecci\u00f3n SQL en DeluxeBB v1.06 permite a los atacantes remotos ejecutar comandos SQL a su elecci\u00f3n a trav\u00e9s de los par\u00e1metros (1) hideemail, (2) languagex, (3) xthetimeoffset, y (4) xthetimeformat durante el registro de la cuenta."}], "id": "CVE-2006-2915", "lastModified": "2018-10-18T16:43:40.577", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-06-23T20:06:00.000", "references": [{"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20152"}, {"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/secunia_research/2006-44/advisory"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://securityreason.com/securityalert/1134"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://securitytracker.com/id?1016309"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.osvdb.org/26457"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/archive/1/437228/100/100/threaded"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/archive/1/438597/100/0/threaded"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/bid/18453"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.vupen.com/english/advisories/2006/2347"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27091"}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}