Unrated severityNVD Advisory· Published Jun 19, 2006· Updated Apr 16, 2026
CVE-2006-3012
CVE-2006-3012
Description
SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via the (1) login parameter in (a) client/stats.php and (b) admin/stats.php, or the (2) pass parameter in client/stats.php.
Affected products
6cpe:2.3:a:eschew.net:phpbannerexchange:2.0:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:eschew.net:phpbannerexchange:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:eschew.net:phpbannerexchange:2.0_update_1:*:*:*:*:*:*:*
- cpe:2.3:a:eschew.net:phpbannerexchange:2.0_update_2:*:*:*:*:*:*:*
- cpe:2.3:a:eschew.net:phpbannerexchange:2.0_update_3:*:*:*:*:*:*:*
- cpe:2.3:a:eschew.net:phpbannerexchange:2.0_update_4:*:*:*:*:*:*:*
- cpe:2.3:a:eschew.net:phpbannerexchange:2.0_update_5:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- www.securityfocus.com/bid/18448nvdPatch
- www.redteam-pentesting.de/advisories/rt-sa-2006-004.txtnvdExploitVendor Advisory
- lists.grok.org.uk/pipermail/full-disclosure/2006-June/046954.htmlnvd
- www.eschew.net/scripts/phpbe/2.0/releasenotes.phpnvd
- www.osvdb.org/26510nvd
- www.securityfocus.com/archive/1/437290/100/0/threadednvd
- www.vupen.com/english/advisories/2006/2402nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/27195nvd
News mentions
0No linked articles in our index yet.