CVE-2004-1966 | Vulnerability Database | Aqua Security

Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter in board.php, (2) sortorder, perpage, or id parameters in member.php, (3) forums parameter in search.php, or (4) PID or FID parameters in post.php.

Affected Software

Name	Vendor	Start Version	End Version
Openbb	Openbb	1.0.0_beta1 (including)	1.0.0_beta1 (including)
Openbb	Openbb	1.0.0_rc1 (including)	1.0.0_rc1 (including)
Openbb	Openbb	1.0.0_rc2 (including)	1.0.0_rc2 (including)
Openbb	Openbb	1.0.0_rc3 (including)	1.0.0_rc3 (including)
Openbb	Openbb	1.0.5 (including)	1.0.5 (including)
Openbb	Openbb	1.0.6 (including)	1.0.6 (including)
Openbb	Openbb	1.0.8 (including)	1.0.8 (including)

References

http://marc.info/?l=bugtraq\u0026m=108301983206107\u0026w=2
http://secunia.com/advisories/11481
http://securitytracker.com/id?1009935
http://www.securityfocus.com/bid/10214
https://exchange.xforce.ibmcloud.com/vulnerabilities/15964
http://marc.info/?l=bugtraq\u0026m=108301983206107\u0026w=2
http://secunia.com/advisories/11481
http://securitytracker.com/id?1009935
http://www.securityfocus.com/bid/10214
https://exchange.xforce.ibmcloud.com/vulnerabilities/15964

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-1966
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html