Unrated severityNVD Advisory· Published May 9, 2006· Updated Jun 16, 2026
CVE-2006-2268
CVE-2006-2268
Description
SQL injection vulnerability in FlexCustomer 0.0.4 and earlier allows remote attackers to bypass authentication and execute arbitrary SQL commands via the admin and ordinary user interface, probably involving the (1) checkuser and (2) checkpass parameters to (a) admin/index.php, and (3) username and (4) password parameters to (b) index.php. NOTE: it was later reported that 0.0.6 is also affected.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:flexcustomer:flexcustomer:0.0.1:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:flexcustomer:flexcustomer:0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:flexcustomer:flexcustomer:0.0.4:*:*:*:*:*:*:*
- (no CPE)range: <=0.0.6
Patches
Vulnerability mechanics
References
10- securityreason.com/securityalert/858nvdExploit
- secunia.com/advisories/20016nvdVendor Advisory
- www.securityfocus.com/bid/17864nvdVendor Advisory
- www.vupen.com/english/advisories/2006/1690nvdVendor Advisory
- www.osvdb.org/25342nvd
- www.osvdb.org/25343nvd
- www.securityfocus.com/archive/1/433125/100/0/threadednvd
- exchange.xforce.ibmcloud.com/vulnerabilities/26323nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/47651nvd
- www.exploit-db.com/exploits/7622nvd
News mentions
0No linked articles in our index yet.