CVE-2006-3168 Information

Description

SQL injection vulnerability in CS-Forum before 0.82 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) debut parameters in (a) read.php and the (3) search and (4) debut parameters in (b) index.php.

Reference

http://secunia.com/advisories/20534 http://securityreason.com/securityalert/1124 http://www.acid-root.new.fr/advisories/csforum081.txt http://www.comscripts.com/scripts/php.cs-forum.643.html http://www.osvdb.org/26382 http://www.osvdb.org/26383 http://www.securityfocus.com/archive/1/436789/100/0/threaded http://www.vupen.com/english/advisories/2006/2314 https://exchange.xforce.ibmcloud.com/vulnerabilities/27176