PT-2006-6203 · Xchangeboard · Xchangeboard

Published

2006-10-25

Updated

2017-07-20

CVE-2006-5488

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions XchangeBoard versions 1.70 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands via the loginNick parameter during login, specifically when magic quotes gpc is disabled.

Recommendations For XchangeBoard versions 1.70 and earlier, consider disabling the login functionality until a patch is available, or ensure that magic quotes gpc is enabled to mitigate the risk of SQL injection attacks.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-5488

Affected Products

Xchangeboard

PT-2006-6203 · Xchangeboard · Xchangeboard

CVE-2006-5488

Related Identifiers

Affected Products

References · 6