{"api_version":"1","generated_at":"2026-05-13T06:36:59+00:00","cve":"CVE-2006-2504","urls":{"html":"https://cve.report/CVE-2006-2504","api":"https://cve.report/api/cve/CVE-2006-2504.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-2504","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-2504"},"summary":{"title":"CVE-2006-2504","description":"Multiple SQL injection vulnerabilities in mono AZBOARD 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search and (2) cate parameters to (a) list.asp, and the (3) id and cate parameters to (b) admin_ok.asp.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2006-05-22 19:02:00","updated_at":"2018-10-18 16:40:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"http://securityreason.com/securityalert/928","name":"928","refsource":"SREASON","tags":[],"title":"SecurityReason - Azboard <= 1.0 Multiple Sql Injections","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/17990","name":"17990","refsource":"BID","tags":[],"title":"AZBoard List.ASP SQL Injection Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.osvdb.org/25528","name":"25528","refsource":"OSVDB","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.securityfocus.com/archive/1/434010/100/0/threaded","name":"20060515 Azboard <= 1.0 Multiple Sql Injections","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/1827","name":"ADV-2006-1827","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://user.chol.com/~jyj9782/sec/azboard_advisory.txt","name":"http://user.chol.com/~jyj9782/sec/azboard_advisory.txt","refsource":"MISC","tags":["Exploit"],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://secunia.com/advisories/20112","name":"20112","refsource":"SECUNIA","tags":[],"title":"Azboard Multiple SQL Injection Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/26495","name":"azboard-list-adminok-sql-injection(26495)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/25527","name":"25527","refsource":"OSVDB","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-2504","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-2504","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"2504","vulnerable":"1","versionEndIncluding":"1.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"azboard","cpe5":"azboard","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-2504","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple SQL injection vulnerabilities in mono AZBOARD 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search and (2) cate parameters to (a) list.asp, and the (3) id and cate parameters to (b) admin_ok.asp."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"ADV-2006-1827","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/1827"},{"name":"25528","refsource":"OSVDB","url":"http://www.osvdb.org/25528"},{"name":"17990","refsource":"BID","url":"http://www.securityfocus.com/bid/17990"},{"name":"25527","refsource":"OSVDB","url":"http://www.osvdb.org/25527"},{"name":"20112","refsource":"SECUNIA","url":"http://secunia.com/advisories/20112"},{"name":"azboard-list-adminok-sql-injection(26495)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/26495"},{"name":"20060515 Azboard <= 1.0 Multiple Sql Injections","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/434010/100/0/threaded"},{"name":"http://user.chol.com/~jyj9782/sec/azboard_advisory.txt","refsource":"MISC","url":"http://user.chol.com/~jyj9782/sec/azboard_advisory.txt"},{"name":"928","refsource":"SREASON","url":"http://securityreason.com/securityalert/928"}]}},"nvd":{"publishedDate":"2006-05-22 19:02:00","lastModifiedDate":"2018-10-18 16:40:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:azboard:azboard:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"2504","Ordinal":"17816","Title":"CVE-2006-2504","CVE":"CVE-2006-2504","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"2504","Ordinal":"1","NoteData":"Multiple SQL injection vulnerabilities in mono AZBOARD 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search and (2) cate parameters to (a) list.asp, and the (3) id and cate parameters to (b) admin_ok.asp.","Type":"Description","Title":null},{"CveYear":"2006","CveId":"2504","Ordinal":"2","NoteData":"2006-05-22","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"2504","Ordinal":"3","NoteData":"2018-10-18","Type":"Other","Title":"Modified"}]}}}