CVE-2006-1638 Information

Description

Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter to (a) accounts.php (b) changep.php (c) editac.php (d) feedback.php (e) fpass.php (f) login.php (g) post.php (h) reply.php or (i) reply_log.php; (2) p parameter to (j) dpost.php; (3) c parameter to (k) list.php or (l) ndis.php; or (12) q parameter to (m) search.php.

Reference

http://evuln.com/vulns/117/summary.html http://secunia.com/advisories/19486 http://www.osvdb.org/24340 http://www.osvdb.org/24341 http://www.osvdb.org/24342 http://www.osvdb.org/24343 http://www.osvdb.org/24344 http://www.osvdb.org/24345 http://www.osvdb.org/24346 http://www.osvdb.org/24347 http://www.osvdb.org/24348 http://www.osvdb.org/24349 http://www.osvdb.org/24350 http://www.osvdb.org/24351 http://www.osvdb.org/24352 http://www.securityfocus.com/archive/1/431064/100/0/threaded http://www.securityfocus.com/bid/17352 http://www.vupen.com/english/advisories/2006/1197 https://exchange.xforce.ibmcloud.com/vulnerabilities/25587