Unrated severityNVD Advisory· Published Apr 6, 2006· Updated Apr 16, 2026

CVE-2006-1638

Description

Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter to (a) accounts.php, (b) changep.php, (c) editac.php, (d) feedback.php, (e) fpass.php, (f) login.php, (g) post.php, (h) reply.php, or (i) reply_log.php; (2) p parameter to (j) dpost.php; (3) c parameter to (k) list.php or (l) ndis.php; or (12) q parameter to (m) search.php.

Affected products

Aweb Labs/Awebbb
cpe:2.3:a:aweb_labs:awebbb:1.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/19486nvdVendor Advisory
evuln.com/vulns/117/summary.htmlnvd
www.osvdb.org/24340nvd
www.osvdb.org/24341nvd
www.osvdb.org/24342nvd
www.osvdb.org/24343nvd
www.osvdb.org/24344nvd
www.osvdb.org/24345nvd
www.osvdb.org/24346nvd
www.osvdb.org/24347nvd
www.osvdb.org/24348nvd
www.osvdb.org/24349nvd
www.osvdb.org/24350nvd
www.osvdb.org/24351nvd
www.osvdb.org/24352nvd
www.securityfocus.com/archive/1/431064/100/0/threadednvd
www.securityfocus.com/bid/17352nvd
www.vupen.com/english/advisories/2006/1197nvd
exchange.xforce.ibmcloud.com/vulnerabilities/25587nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000