PT-2006-3594 · Tamber · Tamber Forum
Ajann · Published 2006-05-30 · Updated 2018-10-18
CVE-2006-2674

| Field | Value |
|---|---|
| CVSS v2.0 | 7.5 (High) |
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Tamber Forum versions 1.9.13 and earlier
Description
Multiple SQL injection flaws allow remote attackers to execute arbitrary SQL commands. They are reachable through several parameters and fields: the frm_id parameter to "show_forum.asp", the search field of "forum_search.asp", the Email address or Password fields of "admin/index.asp", the frm_cat_id parameter to "browse_forum_cat.asp", and the Message Subject or Message Text fields of "post_message.asp".
Recommendations
For Tamber Forum versions 1.9.13 and earlier, update to a version later than 1.9.13 to resolve the issue.
As a temporary workaround, consider restricting access to the affected pages, such as "show_forum.asp", "forum_search.asp", "admin/index.asp", "browse_forum_cat.asp", and "post_message.asp", until a patch is available.
Avoid using the vulnerable parameters and fields (frm_id, frm_cat_id, Email address, Password, Message Subject, and Message Text) on the affected pages until the issue is resolved.
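As an added defender-side example (not part of this advisory or of Tamber Forum), the following Python scans IIS W3C log lines for requests to the pages named above whose frm_id / frm_cat_id values are not plain integers, and flags HTTP 500 responses from the POST pages whose fields never reach the log. It assumes the underscored page and parameter names, that those ids are numeric, and a fixed log field order; the sample log is constructed.

```python
import re
from urllib.parse import parse_qs

# Query parameters per page that should only ever hold a decimal integer. The
# advisory names the parameters; that they are numeric ids is an assumption.
INTEGER_PARAMS = {"/show_forum.asp": ("frm_id",), "/browse_forum_cat.asp": ("frm_cat_id",)}
# Pages whose injectable fields arrive in a POST body, which W3C logs do not
# record. Heuristic: an HTTP 500 from them deserves a look, because an injected
# quote usually breaks the query and surfaces as an ASP/ADO error.
POST_PAGES = {"/forum_search.asp", "/admin/index.asp", "/post_message.asp"}
INT_RE = re.compile(r"^\d{1,9}$")

def check_request(method, path, query, status):
    """Return findings (strings) for one request; an empty list means nothing seen."""
    findings = []
    page = path.lower()
    if query != "-":  # IIS writes "-" for an empty query string
        params = parse_qs(query, keep_blank_values=True)
        for name in INTEGER_PARAMS.get(page, ()):
            for value in params.get(name, []):
                if not INT_RE.match(value):
                    findings.append(f"non-integer {name}={value!r} to {page}")
    if method == "POST" and page in POST_PAGES and status == 500:
        findings.append(f"server error from {page} (POST body fields not logged)")
    return findings

def scan_iis_log(lines):
    """Scan IIS W3C lines in the (assumed) field order
    date time c-ip cs-method cs-uri-stem cs-uri-query sc-status; returns (c-ip, finding)."""
    hits = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        _date, _time, ip, method, path, query, status = line.split()[:7]
        for finding in check_request(method, path, query, int(status)):
            hits.append((ip, finding))
    return hits

# Constructed sample log, not captured traffic; the addresses are documentation ranges.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2006-05-30 10:00:01 203.0.113.5 GET /show_forum.asp frm_id=12 200
2006-05-30 10:00:02 203.0.113.5 GET /show_forum.asp frm_id=12%27 500
2006-05-30 10:00:03 198.51.100.7 GET /browse_forum_cat.asp frm_cat_id=3 200
2006-05-30 10:00:04 198.51.100.7 GET /browse_forum_cat.asp frm_cat_id=3) 200
2006-05-30 10:00:05 198.51.100.7 POST /post_message.asp - 500
2006-05-30 10:00:06 203.0.113.9 POST /post_message.asp - 200
""".splitlines()
```

Running `scan_iis_log(SAMPLE_LOG)` yields three findings: the two malformed ids and the 500 from post_message.asp; the well-formed requests produce none.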
Related Identifiers
Affected Products
Tamber Forum