Unrated severityNVD Advisory· Published Apr 13, 2006· Updated Apr 16, 2026

CVE-2006-1766

Description

Multiple SQL injection vulnerabilities in Papoo 2.1.5, and 3 beta1 and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) getlang and (2) reporeid parameter in (a) index.php, (3) menuid parameter in (b) plugin.php and (c) forumthread.php, and (4) msgid parameter in forumthread.php.

Affected products

Papoo/Papoo4 versions
cpe:2.3:a:papoo:papoo:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:papoo:papoo:*:*:*:*:*:*:*:*range: <=3_beta1
- cpe:2.3:a:papoo:papoo:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:papoo:papoo:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:papoo:papoo:2.1.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

pridels0.blogspot.com/2006/04/papoo-multiple-sql-vuln.htmlnvd
exchange.xforce.ibmcloud.com/vulnerabilities/25728nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000