CVE-2006-3013
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2006-3013
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via an email parameter containing a null (%00) character after a valid e-mail address, which passes the validation check in the eregi PHP command. NOTE: it could be argued that this vulnerability is due to a bug in the eregi PHP command and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpBannerExchange.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
phpBannerExchange resetpw.php sql注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
phpBannerExchange 2.0 Update 6之前版本中的resetpw.php存在解释冲突。远程攻击者可以借助e-mail地址之后含有空(%00) 字符的email参数, 通过eregi PHP命令中的验证检查,从而执行任意SQL命令。 注意: 有人可能认为此漏洞是由 eregi PHP命令中的bug所致,应当在PHP中进行适当修复;如果是这样,则不应将其视为phpBannerExchange中的漏洞。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2006-3013
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2006-3013
Please Login to view more intelligence information
- http://www.redteam-pentesting.de/advisories/rt-sa-2006-005.txtx_refsource_MISC
- http://www.eschew.net/scripts/phpbe/2.0/releasenotes.phpx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2006-3013
Same Patch Batch · n/a · 2006-06-19 · 36 CVEs total
| CVE-2006-3072 | Symantec Security Information Manager M4 Mac 认证绕过漏洞 | |
| CVE-2006-3064 | CPG include/function.inc.php SQL注入漏洞 | |
| CVE-2006-3065 | blur6ex blog.php SQL注入漏洞 | |
| CVE-2006-3066 | IBM DB2 Universal Database TCP/IP监听 缓冲区溢出 | |
| CVE-2006-3067 | IBM DB2 (UDB) 多个未明漏洞 | |
| CVE-2006-3068 | IBM DB2 UDB 特定信息 拒绝服务漏洞 | |
| CVE-2006-3069 | RETIRED: DoubleSpeak 多个远程文件包含漏洞 | |
| CVE-2006-3070 | Zeroboard write_ok.php 任意文件上载漏洞 | |
| CVE-2006-3071 | MP3 Search/Archive index.php 跨站脚本攻击(XSS)漏洞 | |
| CVE-2006-3063 | myPHP Guestbook 多个跨站脚本攻击(XSS)漏洞 | |
| CVE-2006-3073 | Cisco VPN3K/ASA WebVPN无客户端模式 多个跨站脚本攻击漏洞 | |
| CVE-2006-3074 | Kaspersky Anti-Virus klif.sys 拒绝服务漏洞 | |
| CVE-2006-3075 | PictureDis Professional/PictureDis Photoalbum 多个PHP远程文件包含漏洞 | |
| CVE-2006-3076 | PhpBlueDragon CMS Template.PHP 远程文件包含漏洞 | |
| CVE-2006-3077 | aXentGuestbook guestbook.cfm 跨站脚本攻击(XSS)漏洞 | |
| CVE-2006-3078 | APBoard 多个SQL注入漏洞 | |
| CVE-2006-3079 | SSPwiz Plus index.cfm 跨站脚本攻击(XSS)漏洞 | |
| CVE-2006-3080 | AxentForum viewposts.cfm 跨站脚本攻击漏洞 | |
| CVE-2006-3096 | iPostMX 多个SQL注入漏洞 | |
| CVE-2006-3088 | Car Classifieds index.php 跨站脚本(XSS)漏洞 |
Showing top 20 of 36 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8251
Open5GS SMF npcf-handler.c update_authorized_pcc_rule_and_qo - CVE-2026-8250
Open5GS SMF n4-build.c smf_n4_build_qos_flow_to_modify_list - CVE-2026-8249
Open5GS SMF npcf-handler.c update_authorized_pcc_rule_and_qo - CVE-2026-8248
Open5GS SMF npcf-handler.c update_authorized_pcc_rule_and_qo - CVE-2026-8226
Open5GS types.c ogs_pcc_rule_install_flow_from_media denial
V. Comments for CVE-2006-3013
No comments yet