CVE-2006-3994 Information

Description

SQL injection vulnerability in the u2u_send_recp function in u2u.inc.php in XMB (aka extreme message board) 1.9.6 Alpha and earlier allows remote attackers to execute arbitrary SQL commands via the u2uid parameter to u2u.php which is directly accessed from $_POST and bypasses the protection scheme.

Reference

http://secunia.com/advisories/21293 http://www.securityfocus.com/bid/19280 http://www.vupen.com/english/advisories/2006/3088 https://exchange.xforce.ibmcloud.com/vulnerabilities/28159 https://www.exploit-db.com/exploits/2105