Intrusion Prevention

Acronym.Mod.Admin_Acronyms.PHP.SQL.Injection

Description

It indicates a possible exploit of SQL injection vulnerability in admin/admin_acronyms.php in the Acronym Mod for phpBB2 Plus.
This flaw is due to an input validation error in the "admin_acronyms.php" script that does not validate the "id" parameter before being used in SQL statements, which could be exploited by malicious users to conduct SQL injection attacks.

Affected Products

CMX Acronym (module for phpBB) version 0.9.5 and prior.

Impact

The execution of arbitrary SQL commands on the system.

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.

CVE References

CVE-2006-6842