CVE-2006-1811

Name of the Vulnerable Software and Affected Versions FlexBB version 0.5.5 BETA

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via various parameters to index.php, including id, forumid, and threadid. Additionally, multiple fields in the user profile are vulnerable, including ICQ, AIM, MSN, Google Talk, Website Name, Website Address, Email Address, Location, Signature, and Sub-Titles. The flexbb password field in a cookie is also affected.

Recommendations For FlexBB version 0.5.5 BETA, consider restricting access to the index.php endpoint and limiting user input for the vulnerable parameters and fields until a patch is available. As a temporary workaround, avoid using the vulnerable fields in user profiles and restrict the use of the flexbb password field in cookies.