CVE-2006-3012

Name of the Vulnerable Software and Affected Versions phpBannerExchange versions prior to 2.0 Update 6

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the login parameter in "client/stats.php" and "admin/stats.php", or the pass parameter in "client/stats.php".

Recommendations For versions prior to 2.0 Update 6, update to version 2.0 Update 6 or later to resolve the issue. As a temporary workaround, consider restricting access to the "client/stats.php" and "admin/stats.php" endpoints until the update is applied. Avoid using the login and pass parameters in the affected endpoints until the issue is resolved.