CVE-2006-2034

FlexBB 0.5.5 - SQL Injection via id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2034. PoCs published by Devil-00.

AI-analyzed exploit summary: This Perl script exploits a SQL injection vulnerability in FlexBB's showprofile.php to dump usernames and password hashes from the database. It constructs a malicious HTTP GET request with a UNION-based SQL injection payload.

Description

SQL injection vulnerability in function/showprofile.php in FlexBB 0.5.5 allows remote attackers to execute arbitrary SQL commands, and view all usernames and passwords, via the id parameter to the showprofile page in index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Devil-00 · perl · webapps · php
https://www.exploit-db.com/exploits/1713

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: FlexBB (version not specified)
Auth required
Prerequisites: Target FlexBB installation · Valid login credentials (cookie-based auth) · Network access to the target
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/431793/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/17574
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/24867

Scores

EPSS 0.0231
EPSS Percentile 81.1%

Details

Status published
Products (1)
flexbb/flexbb 0.5.5
Published Apr 26, 2006
Tracked Since Feb 18, 2026