PT-2006-3124 · Hb · Hb-Ns

Aliaksandr Hartsuyeu

Published

2006-05-02

Updated

2017-07-20

CVE-2006-2145

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions HB-NS version 1.1.6

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the topic or id parameter in the index.php file.

Recommendations For HB-NS version 1.1.6, update to a version that fixes the SQL injection vulnerabilities in the index.php file. As a temporary workaround, consider restricting access to the index.php file or validating and sanitizing the topic and id parameters to prevent malicious input.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-2145

Affected Products

Hb-Ns

PT-2006-3124 · Hb · Hb-Ns

CVE-2006-2145

Related Identifiers

Affected Products

References · 7