CVE-2006-6270
CVE-2006-6270 is a critical-severity vulnerability in Kervancilar Aspmforum with a CVSS 2.0 base score of 10.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Critical (CVSS 2.0 base score 10.0)
- EPSS exploit prediction: 2% (75th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Kervancilar Aspmforum
- Published:
- Last modified:
Description
Multiple SQL injection vulnerabilities in ASPMForum allow remote attackers to execute arbitrary SQL commands via (1) the soruid parameter in forum2.asp, (2) the ak parameter in kullanicilistesi.asp, (3) the kelimeler parameter in aramayap.asp, and (4) the kullaniciadi parameter in giris.asp; and allow remote authenticated users to execute arbitrary SQL commands via (5) the mesajno parameter in mesajkutum.asp. NOTE: the harf parameter in kullanicilistesi.asp and the baslik parameter in forum.asp are already covered by CVE-2005-4141.
Frequently asked questions
- What is CVE-2006-6270?
- Multiple SQL injection vulnerabilities in ASPMForum allow remote attackers to execute arbitrary SQL commands via (1) the soruid parameter in forum2.asp, (2) the ak parameter in kullanicilistesi.asp, (3) the kelimeler parameter in aramayap.asp, and (4) the kullaniciadi parameter in giris.asp; and allow remote authenticated users to execute arbitrary SQL commands via (5) the mesajno parameter in mesajkutum.asp. NOTE: the harf parameter in kullanicilistesi.asp and the baslik parameter in forum.asp are already covered by CVE-2005-4141.
- How severe is CVE-2006-6270?
- CVE-2006-6270 has a CVSS 2.0 base score of 10.0, rated critical severity.
- Is CVE-2006-6270 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (75th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2006-6270?
- CVE-2006-6270 affects Kervancilar Aspmforum. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2006-6270?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
- When was CVE-2006-6270 published?
- CVE-2006-6270 was published on 2006-12-04 and last updated on 2026-06-16.
References
- http://securityreason.com/securityalert/1963
- http://www.securityfocus.com/archive/1/451958/100/200/threaded
- http://www.securityfocus.com/bid/21113
Affected products (1)
- cpe:2.3:a:kervancilar:aspmforum:*:*:*:*:*:*:*:*