CVE-2006-3013

Name of the Vulnerable Software and Affected Versions phpBannerExchange versions prior to 2.0 Update 6

Description The issue arises from an interpretation conflict in the resetpw.php file, allowing remote attackers to execute arbitrary SQL commands. This is achieved by including a null (%00) character after a valid e-mail address in the email parameter, which bypasses the validation check performed by the eregi PHP command.

Recommendations For versions prior to 2.0 Update 6, consider updating to version 2.0 Update 6 or later to resolve the issue. As a temporary workaround, restrict the use of the email parameter in the resetpw.php file to prevent potential SQL command execution.