CVE-2006-4025
Published 2006-08-09
Priority: P336, high | CVSS 2.0: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.25% (65.6th percentile)
SQL injection vulnerability in profile.php in XennoBB 2.1.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) bday_day, (2) bday_month, and (3) bday_year parameters in the personal section.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xennobb | xennobb | <= 2.1.0 | — |
CVSS provenance
nvd: v2.0, 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat: 5.0 MEDIUM
GHSA
GHSA-6vf6-39hw-9cqf: SQL injection vulnerability in profile
ghsa_unreviewed · 2022-05-01
CVE-2006-4025 [HIGH] GHSA-6vf6-39hw-9cqf: SQL injection vulnerability in profile
SQL injection vulnerability in profile.php in XennoBB 2.1.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) bday_day, (2) bday_month, and (3) bday_year parameters in the personal section.
Red Hat
php: regressions in 5.4+
vendor_redhat · 2015-04-10 · CVSS 5.0
CVE-2015-4025 [MEDIUM] CWE-626 php: regressions in 5.4+
PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.
It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.
Package: php (Red Hat Enterprise Linux 5) - Not affected
Package: php53 (Red Hat Ente
No detection rules found.
http://secunia.com/advisories/21409
http://securityreason.com/securityalert/1344
http://securitytracker.com/id?1016643
http://www.securityfocus.com/archive/1/442423/100/0/threaded
http://www.securityfocus.com/bid/19374
http://www.vupen.com/english/advisories/2006/3190
https://exchange.xforce.ibmcloud.com/vulnerabilities/28257
Published: 2006-08-09