CVE-2006-2915 Information

Description

Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) hideemail (2) languagex (3) xthetimeoffset and (4) xthetimeformat parameters during account registration.

Reference

http://secunia.com/advisories/20152 http://secunia.com/secunia_research/2006-44/advisory http://securityreason.com/securityalert/1134 http://securitytracker.com/id?1016309 http://www.osvdb.org/26457 http://www.securityfocus.com/archive/1/437228/100/100/threaded http://www.securityfocus.com/archive/1/438597/100/0/threaded http://www.securityfocus.com/bid/18453 http://www.vupen.com/english/advisories/2006/2347 https://exchange.xforce.ibmcloud.com/vulnerabilities/27091