Back to CVE Browser

CVE-2006-1000

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0590%

EPSS Percentile44.10th

PublishedMar 6, 2006

Last ModifiedApr 16, 2026

Vulnerability Description

Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 and earlier allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) newsid parameter to newsdetailsview.asp and (2) password parameter to login.asp.

Affected Platforms (CPE)

📦

G2soft

Pentacle In Out Board

= 6.03

References & Advisories

🔗 http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042524.html

🔗 http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042525.html

🔗 http://secunia.com/advisories/19024

🔗 http://securitytracker.com/id?1015682

🔗 http://www.nukedx.com/?viewdoc=13

🔗 http://www.nukedx.com/?viewdoc=14

🔗 http://www.securityfocus.com/archive/1/426074/100/0/threaded

🔗 http://www.securityfocus.com/archive/1/426075/100/0/threaded

Related Vulnerabilities

CVE-2006-610210.0

Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X ser...

CVE-2006-446110.0

Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly implement a "list of acceptable host IP addresses in the pr...

CVE-2006-607610.0

Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier ...

CVE-2006-502510.0

Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.2 have unknown impact and attack ve...