Unrated severityNVD Advisory· Published Jan 26, 2006· Updated Apr 16, 2026

CVE-2006-0444

Description

SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.1 allows remote attackers to execute arbitrary SQL commands via the (1) par parameter in the post function on the forum page and possibly the (2) poll_id parameter on the poll page. NOTE: the poll_id vector can also allow resultant cross-site scripting (XSS) from an unquoted error message for invalid SQL syntax.

Affected products

Phpclanwebsite/Phpclanwebsite
cpe:2.3:a:phpclanwebsite:phpclanwebsite:1.23.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/18597nvdPatchVendor Advisory
www.securityfocus.com/bid/16391nvdPatch
www.h4cky0u.org/advisories/HYSA-2006-002-phpclan.txtnvdExploitVendor Advisory
www.osvdb.org/22720nvd
www.osvdb.org/22722nvd
www.securityfocus.com/archive/1/423145/100/0/threadednvd
www.vupen.com/english/advisories/2006/0342nvd
exchange.xforce.ibmcloud.com/vulnerabilities/24355nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000