NuytsTech Security

CVE-2006-5736

by ·

SQL injection vulnerability in search.php in PunBB before 1.2.14, when the PHP installation is vulnerable to CVE-2006-3017, allows remote attackers to execute arbitrary SQL commands via the result_list array parameter, which is not initialized.

Date published : 2006-11-06

http://www.securityfocus.com/archive/1/450055/100/0/threaded

http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt

Tags: