CVE-2006-5738

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2006-5738
Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors.

7.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

2.1 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:S/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://forums.punbb.org/viewtopic.php?id=13496 Patch
http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt
http://forums.punbb.org/viewtopic.php?id=13496 Patch
http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:punbb:punbb:*:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.0:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.0_alpha:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.0_beta1:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.0_beta1a:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.0_beta2:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.0_beta3:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.0_rc1:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.0_rc2:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.1:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.2:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.2.9:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.2.10:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.2.11:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.2.12:*:*:*:*:*:*:*
History

03 Apr 2025, 16:15

Type Values Removed Values Added
CWE CWE-89
CVSS v2 : 2.1
v3 : unknown 		v2 : 2.1
v3 : 7.2

21 Nov 2024, 00:20

Type Values Removed Values Added
References () http://forums.punbb.org/viewtopic.php?id=13496 - Patch () http://forums.punbb.org/viewtopic.php?id=13496 - Patch
References () http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt - () http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt -
Information

Published : 2006-11-06 18:07

Updated : 2025-04-09 00:30

NVD link : CVE-2006-5738

Mitre link : CVE-2006-5738

CVE.ORG link : CVE-2006-5738

JSON object : View

Products Affected

punbb

  • punbb
CWE
NVD-CWE-Other CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')