Unrated severityNVD Advisory· Published Nov 24, 2006· Updated Jun 16, 2026
CVE-2006-6090
CVE-2006-6090
Description
Multiple SQL injection vulnerabilities in BaalAsp forum allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to (a) adminlogin.asp, the (2) name or (3) password parameter to (b) userlogin.asp, or the (3) search parameter to search.asp.
Affected products
2- cpe:2.3:a:baalasp:smart_form_portal:*:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
8- s-a-p.ca/index.phpnvdExploitVendor AdvisoryURL Repurposed
- www.securityfocus.com/bid/21111nvdExploit
- secunia.com/advisories/22943nvdVendor Advisory
- securityreason.com/securityalert/1913nvd
- www.securityfocus.com/archive/1/451846/100/100/threadednvd
- www.vupen.com/english/advisories/2006/4579nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/30342nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/30343nvd
News mentions
0No linked articles in our index yet.