CVE-2006-3940

phpbb-auction - SQL Injection via ar Parameter in auction_room.php and u Parameter in auction_store.php

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-3940. PoCs published by l2odon.

AI-analyzed exploit summary The provided text describes a SQL injection vulnerability in PHPBB-Auction, where the 'u' parameter in auction_store.php is not properly sanitized. It lacks actual exploit code but outlines the vulnerability and potential impact.

Description

Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via (1) the ar parameter in auction_room.php and (2) the u parameter in auction_store.php. NOTE: the auction_rating.php vector is already covered by CVE-2005-1234. NOTE: the original disclosure states that the product name is "PHP-Auction", but this is probably an error.

Exploits (2)

exploitdb WRITEUP VERIFIED
by l2odon · textwebappsphp
https://www.exploit-db.com/exploits/28282

The provided text describes a SQL injection vulnerability in PHPBB-Auction, where the 'u' parameter in auction_store.php is not properly sanitized. It lacks actual exploit code but outlines the vulnerability and potential impact.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: PHPBB-Auction (version not specified)
No auth needed
Prerequisites: Access to the vulnerable PHPBB-Auction instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by l2odon · textwebappsphp
https://www.exploit-db.com/exploits/28281

The provided text describes SQL injection vulnerabilities in PHPBB-Auction due to improper input sanitization. It outlines potential attack vectors via URL parameters but does not include executable exploit code.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: PHPBB-Auction (version not specified)
No auth needed
Prerequisites: Access to the vulnerable application URL
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/28006
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/441190/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19179
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1306

Scores

EPSS 0.0112
EPSS Percentile 62.0%

Details

Status published
Products (3)
phpbb_group/phpbb-auction 1.0m
phpbb_group/phpbb-auction 1.2m
phpbb_group/phpbb-auction 1.3m
Published Jul 31, 2006
Tracked Since Feb 18, 2026