CVE-2006-0154
Description
SQL injection vulnerability in showthread.php in 427BB 2.2 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the ForumID parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Patches
Vulnerability mechanics
Root cause
"The $ForumID variable is not sanitized before being used in a SQL query in showthread.php."
Attack vector
An attacker must be logged in as a registered user. The attacker sends a crafted HTTP GET request to showthread.php with a malicious ForumID parameter containing SQL injection payloads, such as a UNION SELECT statement, to extract arbitrary data from the database [ref_id=1].
Affected code
The vulnerable script is showthread.php. The variable $ForumID is taken from the ForumID query-string parameter and used directly in a SQL query without sanitization [ref_id=1].
What the fix does
No patch has been published by the vendor. The advisory notes that the vulnerability remains unpatched and recommends checking the vendor's website for updates [ref_id=1].
Preconditions
- auth: Attacker must be logged in as a registered user
- network: Attacker must be able to send HTTP GET requests to showthread.php
- input: Attacker supplies a malicious ForumID query parameter
Reproduction
Log in as a registered user, then visit a URL such as: http://host/bb427/showthread.php?ForumID=999%20union%20select%20UserName,Passwrod,null,null%20from%20prefPersonal [ref_id=1].
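Added example, not 427BB's code (the project is PHP and none of its source is reproduced on this page): a small Python/sqlite3 model of the flaw class described under "Vulnerability mechanics" and of the fix a maintainer would apply, plus a log check that flags the kind of request shown under "Reproduction". The schema is constructed; it only borrows the identifiers the advisory mentions (prefPersonal, UserName, Passwrod), and the assumption that ForumID is an integer identifier is mine.

```python
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Constructed in-memory schema. Table and column names borrow the identifiers
# that appear in the advisory (prefPersonal, UserName, Passwrod); the real
# 427BB schema is not shown on the page and is not reproduced here.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE forums (ForumID INTEGER PRIMARY KEY, Name TEXT);
        CREATE TABLE prefPersonal (UserName TEXT, Passwrod TEXT);
        INSERT INTO forums VALUES (1, 'General'), (2, 'Support');
        INSERT INTO prefPersonal VALUES ('alice', 'hunter2');
    """)
    return conn

def showthread_vulnerable(conn, forum_id):
    """Model of the unsanitized pattern: the raw query-string value is
    concatenated into the SQL text, so a UNION appended to the value is
    executed as SQL and rows from another table come back."""
    sql = "SELECT Name, ForumID FROM forums WHERE ForumID = " + forum_id
    return conn.execute(sql).fetchall()

def showthread_fixed(conn, forum_id):
    """Hardened version: enforce the integer type the parameter is assumed to
    carry, then bind it as a query parameter so the driver never interprets
    the value as SQL text."""
    try:
        fid = int(forum_id)
    except (TypeError, ValueError):
        raise ValueError("ForumID must be an integer")
    return conn.execute(
        "SELECT Name, ForumID FROM forums WHERE ForumID = ?", (fid,)
    ).fetchall()

# Constructed payload with the same shape as the advisory's: a UNION whose
# column count (two) matches the forum query above.
PAYLOAD = "999 union select UserName,Passwrod from prefPersonal"

# Constructed access-log lines (combined log format) for the detection check;
# the second carries the request string quoted in the advisory.
LOG_LINES = [
    '10.0.0.5 - bob [17/Jun/2026:10:00:01 +0000] '
    '"GET /bb427/showthread.php?ForumID=2 HTTP/1.1" 200 5120',
    '10.0.0.9 - mallory [17/Jun/2026:10:00:07 +0000] '
    '"GET /bb427/showthread.php?ForumID=999%20union%20select%20UserName,'
    'Passwrod,null,null%20from%20prefPersonal HTTP/1.1" 200 7310',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

def suspicious_forum_ids(lines):
    """Return the decoded ForumID values sent to showthread.php that are not
    plain integers. For a parameter that should only ever be numeric, any
    other content is worth an alert whatever the exact payload looks like."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group(1))
        if not parts.path.endswith("/showthread.php"):
            continue
        for value in parse_qs(parts.query).get("ForumID", []):
            if not value.strip().isdigit():
                hits.append(value)
    return hits

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", showthread_vulnerable(db, PAYLOAD))  # leaks prefPersonal rows
    print("fixed, good input:", showthread_fixed(db, "1"))
    try:
        showthread_fixed(db, PAYLOAD)
    except ValueError as e:
        print("fixed, payload rejected:", e)
    print("log hits:", suspicious_forum_ids(LOG_LINES))
```

The integer cast alone would already stop this particular injection, but the bound parameter is what closes the bug class: it also protects the query if the parameter is later widened to accept strings. The log check deliberately keys on the parameter's expected type rather than on the words "union" or "select", so obfuscated variants of the same request are caught as well.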
Generated on Jun 17, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- evuln.com/vulns/18/summary.html (nvd; Exploit; Vendor Advisory)
- www.securityfocus.com/bid/16169 (nvd; Exploit)
- secunia.com/advisories/18354 (nvd; Vendor Advisory)
- www.osvdb.org/22275 (nvd)
- www.securityfocus.com/archive/1/421326/100/0/threaded (nvd)
- www.vupen.com/english/advisories/2006/0091 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/24039 (nvd)