CVE-2006-3940: Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via (1) the ar parameter in auction_r...

Description

Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via (1) the ar parameter in auction_room.php and (2) the u parameter in auction_store.php. NOTE: the auction_rating.php vector is already covered by CVE-2005-1234. NOTE: the original disclosure states that the product name is "PHP-Auction", but this is probably an error.

Metrics

EPSS Probability

1.09%

61.1th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Phpbb Group	Phpbb-Auction	1.0m
Phpbb Group	Phpbb-Auction	1.2m
Phpbb Group	Phpbb-Auction	1.3m

References

Timeline

Published: Jul 31, 2006
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2006-3940?

Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via (1) the ar parameter in auction_room.php and (2) the u parameter in auction_store.php. NOTE: the auction_rating.php vector is already covered by CVE-2005-1234. NOTE: the original disclosure states that the product name is "PHP-Auction", but this is probably an error.

How severe is CVE-2006-3940?

Severity scoring for CVE-2006-3940 is pending analysis. The EPSS model estimates a 1.09% probability of exploitation in the next 30 days.

How do I fix CVE-2006-3940?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.