CVE-2006-2034

Flexbb - SQL Injection

Title source: rule

Description

SQL injection vulnerability in function/showprofile.php in FlexBB 0.5.5 allows remote attackers to execute arbitrary SQL commands, and view all usernames and passwords, via the id parameter to the showprofile page in index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Devil-00 · perlwebappsphp

https://www.exploit-db.com/exploits/1713

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/431793/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/17574

[Third Party Advisory, VDB Entry] http://www.osvdb.org/24867

Scores

EPSS 0.0035

EPSS Percentile 57.4%

Details

Status published

Products (1)

flexbb/flexbb 0.5.5

Published Apr 26, 2006

Tracked Since Feb 18, 2026