CVE-2006-3797

Published: Jul 24, 2006Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

SQL injection vulnerability in DeluxeBB 1.07 and earlier allows remote attackers to bypass authentication, spoof users, and modify settings via the (1) memberpw and (2) membercookie cookies.

Affected (3)

Products: Deluxebb: Deluxebb

Deluxebb

1 product

Deluxebb

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Deluxebb Deluxebb	Version 1.05
Deluxebb Deluxebb	Version 1.06
Deluxebb Deluxebb	Version 1.07

References (10)

http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047989.html

Source: cve@mitre.org

http://securityreason.com/securityalert/1254

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/440435/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/19052

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/27835

Source: cve@mitre.org

http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047989.html