{"api_version":"1","generated_at":"2026-05-14T23:18:01+00:00","cve":"CVE-2006-3318","urls":{"html":"https://cve.report/CVE-2006-3318","api":"https://cve.report/api/cve/CVE-2006-3318.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-3318","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-3318"},"summary":{"title":"CVE-2006-3318","description":"SQL injection vulnerability in register.php for phpRaid 3.0.6 and possibly other versions, when the authorization type is phpraid, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) email parameters.","state":"PUBLIC","assigner":"PSIRT-CNA@flexerasoftware.com","published_at":"2006-06-29 21:05:00","updated_at":"2018-10-18 16:46:00"},"problem_types":["CWE-89"],"metrics":[],"references":[{"url":"http://securityreason.com/securityalert/1173","name":"1173","refsource":"SREASON","tags":[],"title":"SecurityReason - phpRaid SQL Injection and File InclusionVulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/438706/100/0/threaded","name":"20060629 Secunia Research: phpRaid SQL Injection and File InclusionVulnerabilities","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/20865","name":"20865","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Secunia - Advisories - phpRaid SQL Injection and File Inclusion Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27459","name":"phpraid-register-sql-injection(27459)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/secunia_research/2006-47/advisory/","name":"http://secunia.com/secunia_research/2006-47/advisory/","refsource":"MISC","tags":["Vendor Advisory"],"title":"phpRaid SQL Injection and File Inclusion Vulnerabilities - Secunia Research - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/2593","name":"ADV-2006-2593","refsource":"VUPEN","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-3318","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-3318","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"3318","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"spiffyjr","cpe5":"phpraid","cpe6":"3.0.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"3318","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"spiffyjr","cpe5":"phpraid","cpe6":"3.0.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"PSIRT-CNA@flexerasoftware.com","ID":"CVE-2006-3318","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"SQL injection vulnerability in register.php for phpRaid 3.0.6 and possibly other versions, when the authorization type is phpraid, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) email parameters."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://secunia.com/secunia_research/2006-47/advisory/","refsource":"MISC","url":"http://secunia.com/secunia_research/2006-47/advisory/"},{"name":"phpraid-register-sql-injection(27459)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27459"},{"name":"ADV-2006-2593","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/2593"},{"name":"20060629 Secunia Research: phpRaid SQL Injection and File InclusionVulnerabilities","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/438706/100/0/threaded"},{"name":"1173","refsource":"SREASON","url":"http://securityreason.com/securityalert/1173"},{"name":"20865","refsource":"SECUNIA","url":"http://secunia.com/advisories/20865"}]}},"nvd":{"publishedDate":"2006-06-29 21:05:00","lastModifiedDate":"2018-10-18 16:46:00","problem_types":["CWE-89"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":5.1},"severity":"MEDIUM","exploitabilityScore":4.9,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:spiffyjr:phpraid:3.0.6:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"3318","Ordinal":"18643","Title":"CVE-2006-3318","CVE":"CVE-2006-3318","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"3318","Ordinal":"1","NoteData":"SQL injection vulnerability in register.php for phpRaid 3.0.6 and possibly other versions, when the authorization type is phpraid, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) email parameters.","Type":"Description","Title":null},{"CveYear":"2006","CveId":"3318","Ordinal":"2","NoteData":"2006-06-29","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"3318","Ordinal":"3","NoteData":"2018-10-18","Type":"Other","Title":"Modified"}]}}}