CVE-2006-3013 - Vulnerability Details - OpenCVE

Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via an email parameter containing a null (%00) character after a valid e-mail address, which passes the validation check in the eregi PHP command. NOTE: it could be argued that this vulnerability is due to a bug in the eregi PHP command and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpBannerExchange.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Eschew.net	Phpbannerexchange

Configuration 1 [-]

OR	cpe:2.3:a:eschew.net:phpbannerexchange:2.0:::::::*
	cpe:2.3:a:eschew.net:phpbannerexchange:2.0_update_1:::::::*
	cpe:2.3:a:eschew.net:phpbannerexchange:2.0_update_2:::::::*
	cpe:2.3:a:eschew.net:phpbannerexchange:2.0_update_3:::::::*
	cpe:2.3:a:eschew.net:phpbannerexchange:2.0_update_4:::::::*
	cpe:2.3:a:eschew.net:phpbannerexchange:2.0_update_5:::::::*

No data.

References

Link	Providers
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046953.html
http://secunia.com/advisories/20687
http://www.eschew.net/scripts/phpbe/2.0/releasenotes.php
http://www.osvdb.org/26509
http://www.redteam-pentesting.de/advisories/rt-sa-2006-005.txt
http://www.securityfocus.com/archive/1/437294/100/0/threaded
http://www.securityfocus.com/bid/18448
http://www.vupen.com/english/advisories/2006/2358
https://exchange.xforce.ibmcloud.com/vulnerabilities/27193

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-06-19T10:00:00

Updated: 2024-08-07T18:16:05.615Z

Reserved: 2006-06-13T00:00:00

Link: CVE-2006-3013

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-06-19T10:02:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-3013

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-06-15T00:00:00", "descriptions": [{"lang": "en", "value": "Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via an email parameter containing a null (%00) character after a valid e-mail address, which passes the validation check in the eregi PHP command. NOTE: it could be argued that this vulnerability is due to a bug in the eregi PHP command and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpBannerExchange."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20060615 Advisory: Unauthorized password recovery in phpBannerExchange", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046953.html"}, {"name": "18448", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18448"}, {"name": "26509", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/26509"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.eschew.net/scripts/phpbe/2.0/releasenotes.php"}, {"tags": ["x_refsource_MISC"], "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2006-005.txt"}, {"name": "ADV-2006-2358", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2358"}, {"name": "20060615 Advisory: Unauthorized password recovery in phpBannerExchange", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/437294/100/0/threaded"}, {"name": "phpbannerexchange-resetpw-info-disclosure(27193)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27193"}, {"name": "20687", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20687"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2006-3013", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via an email parameter containing a null (%00) character after a valid e-mail address, which passes the validation check in the eregi PHP command. NOTE: it could be argued that this vulnerability is due to a bug in the eregi PHP command and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpBannerExchange."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20060615 Advisory: Unauthorized password recovery in phpBannerExchange", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046953.html"}, {"name": "18448", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18448"}, {"name": "26509", "refsource": "OSVDB", "url": "http://www.osvdb.org/26509"}, {"name": "http://www.eschew.net/scripts/phpbe/2.0/releasenotes.php", "refsource": "CONFIRM", "url": "http://www.eschew.net/scripts/phpbe/2.0/releasenotes.php"}, {"name": "http://www.redteam-pentesting.de/advisories/rt-sa-2006-005.txt", "refsource": "MISC", "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2006-005.txt"}, {"name": "ADV-2006-2358", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2358"}, {"name": "20060615 Advisory: Unauthorized password recovery in phpBannerExchange", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/437294/100/0/threaded"}, {"name": "phpbannerexchange-resetpw-info-disclosure(27193)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27193"}, {"name": "20687", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20687"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:16:05.615Z"}, "title": "CVE Program Container", "references": [{"name": "20060615 Advisory: Unauthorized password recovery in phpBannerExchange", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046953.html"}, {"name": "18448", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/18448"}, {"name": "26509", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/26509"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.eschew.net/scripts/phpbe/2.0/releasenotes.php"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2006-005.txt"}, {"name": "ADV-2006-2358", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/2358"}, {"name": "20060615 Advisory: Unauthorized password recovery in phpBannerExchange", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/437294/100/0/threaded"}, {"name": "phpbannerexchange-resetpw-info-disclosure(27193)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27193"}, {"name": "20687", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20687"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3013", "datePublished": "2006-06-19T10:00:00", "dateReserved": "2006-06-13T00:00:00", "dateUpdated": "2024-08-07T18:16:05.615Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eschew.net:phpbannerexchange:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4BC70C5-F71C-4A3D-9ADC-A05F07F17E18", "vulnerable": true}, {"criteria": "cpe:2.3:a:eschew.net:phpbannerexchange:2.0_update_1:*:*:*:*:*:*:*", "matchCriteriaId": "6A6A8825-0E98-437B-9624-C9F659176A6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:eschew.net:phpbannerexchange:2.0_update_2:*:*:*:*:*:*:*", "matchCriteriaId": "E3D97DE9-F264-46C1-A5F6-A2BDC24518D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:eschew.net:phpbannerexchange:2.0_update_3:*:*:*:*:*:*:*", "matchCriteriaId": "898E28E1-0BDD-40C3-82C1-0B00EC2077DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:eschew.net:phpbannerexchange:2.0_update_4:*:*:*:*:*:*:*", "matchCriteriaId": "CDF685B7-8CBA-487E-8A56-113C898ECD45", "vulnerable": true}, {"criteria": "cpe:2.3:a:eschew.net:phpbannerexchange:2.0_update_5:*:*:*:*:*:*:*", "matchCriteriaId": "27292330-05A4-4ACA-AF99-2DBDA0D58A58", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via an email parameter containing a null (%00) character after a valid e-mail address, which passes the validation check in the eregi PHP command. NOTE: it could be argued that this vulnerability is due to a bug in the eregi PHP command and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpBannerExchange."}, {"lang": "es", "value": "Conflictos de interpretaci\u00f3n en resetpw.php en phpBannerExchange antes de v2.0 Update 6 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de un par\u00e1metro de correo electr\u00f3nico que contiene caracteres de valor nulo (%00) despu\u00e9s de un e-mail v\u00e1lido. Esto pasa a la comprobaci\u00f3n de validaci\u00f3n en el comando PHP eregi . NOTA: se puede argumentar que esta vulnerabilidad se debe a un error en el comando eregi PHP y la soluci\u00f3n correcta debe estar en PHP, si es as\u00ed, entonces esto no debe ser entendido como una vulnerabilidad en phpBannerExchange."}], "id": "CVE-2006-3013", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-06-19T10:02:00.000", "references": [{"source": "[email protected]", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046953.html"}, {"source": "[email protected]", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/20687"}, {"source": "[email protected]", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.eschew.net/scripts/phpbe/2.0/releasenotes.php"}, {"source": "[email protected]", "url": "http://www.osvdb.org/26509"}, {"source": "[email protected]", "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2006-005.txt"}, {"source": "[email protected]", "url": "http://www.securityfocus.com/archive/1/437294/100/0/threaded"}, {"source": "[email protected]", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/18448"}, {"source": "[email protected]", "url": "http://www.vupen.com/english/advisories/2006/2358"}, {"source": "[email protected]", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27193"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046953.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/20687"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.eschew.net/scripts/phpbe/2.0/releasenotes.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26509"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2006-005.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/437294/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/18448"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2358"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27193"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "[email protected]", "type": "Primary"}]}