CVE-2006-4367

All Topics Hack < 1.5.0 - SQL Injection

Title source: rule

Description

SQL injection vulnerability in alltopics.php in the All Topics Hack 1.5.0 and earlier for phpBB 2.0.21 allows remote attackers to execute arbitrary SQL commands via the start parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by SpiderZ · perlwebappsphp

https://www.exploit-db.com/exploits/2248

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/28538

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/2248

[Exploit] http://www.securityfocus.com/bid/19682

Scores

EPSS 0.0084

EPSS Percentile 74.7%

Details

Status published

Products (1)

all_topics/all_topics_hack < 1.5.0

Published Aug 26, 2006

Tracked Since Feb 18, 2026