CVE-2006-1111

Name of the Vulnerable Software and Affected Versions Aztek Forum version 4.0

Description The issue allows remote attackers to obtain sensitive information by exploiting a weakness in the msg parameter to the "index.php" endpoint, which can reveal usernames and passwords in a MySQL error message. This is possibly due to a forced SQL error or SQL injection.

Recommendations For Aztek Forum version 4.0, consider restricting access to the index.php endpoint or avoiding the use of the msg parameter with a "/" value until a fix is available. As a temporary workaround, restrict database error messages to prevent sensitive information disclosure.