CVE-2006-4367

Description

SQL injection vulnerability in alltopics.php in the All Topics Hack 1.5.0 and earlier for phpBB 2.0.21 allows remote attackers to execute arbitrary SQL commands via the start parameter.

Affected products

• all_topics / all_topics_hack1.5.0

References

• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/28538
• EXPLOIThttps://www.exploit-db.com/exploits/2248
• MISChttp://www.securityfocus.com/bid/19682