Unrated severityNVD Advisory· Published May 9, 2006· Updated Apr 16, 2026
CVE-2006-2268
CVE-2006-2268
Description
SQL injection vulnerability in FlexCustomer 0.0.4 and earlier allows remote attackers to bypass authentication and execute arbitrary SQL commands via the admin and ordinary user interface, probably involving the (1) checkuser and (2) checkpass parameters to (a) admin/index.php, and (3) username and (4) password parameters to (b) index.php. NOTE: it was later reported that 0.0.6 is also affected.
Affected products
2cpe:2.3:a:flexcustomer:flexcustomer:0.0.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:flexcustomer:flexcustomer:0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:flexcustomer:flexcustomer:0.0.4:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- securityreason.com/securityalert/858nvdExploit
- secunia.com/advisories/20016nvdVendor Advisory
- www.securityfocus.com/bid/17864nvdVendor Advisory
- www.vupen.com/english/advisories/2006/1690nvdVendor Advisory
- www.osvdb.org/25342nvd
- www.osvdb.org/25343nvd
- www.securityfocus.com/archive/1/433125/100/0/threadednvd
- exchange.xforce.ibmcloud.com/vulnerabilities/26323nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/47651nvd
- www.exploit-db.com/exploits/7622nvd
News mentions
0No linked articles in our index yet.