CVE Vulnerabilities

CVE-2005-2058

Published: Jun 29, 2005 | Modified: Oct 18, 2016
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to execute arbitrary SQL commands via the Number parameter to (1) download.php, (2) modifypost.php, (3) mailthread.php, or (4) notifymod.php, (5) month or (6) year parameter to calendar.php, (7) message parameter to viewmessage.php, (8) main parameter to addfav.php, or (9) posted parameter to grabnext.php.

Affected Software

Name Vendor Start Version End Version
Ubb.threads Ubbcentral 6.0 (including) 6.0 (including)
Ubb.threads Ubbcentral 6.0.1 (including) 6.0.1 (including)
Ubb.threads Ubbcentral 6.0.2 (including) 6.0.2 (including)
Ubb.threads Ubbcentral 6.0.3 (including) 6.0.3 (including)
Ubb.threads Ubbcentral 6.1 (including) 6.1 (including)
Ubb.threads Ubbcentral 6.1.1 (including) 6.1.1 (including)
Ubb.threads Ubbcentral 6.2 (including) 6.2 (including)
Ubb.threads Ubbcentral 6.2.1 (including) 6.2.1 (including)
Ubb.threads Ubbcentral 6.2.2 (including) 6.2.2 (including)
Ubb.threads Ubbcentral 6.2.3 (including) 6.2.3 (including)
Ubb.threads Ubbcentral 6.3 (including) 6.3 (including)
Ubb.threads Ubbcentral 6.3.1 (including) 6.3.1 (including)
Ubb.threads Ubbcentral 6.4 (including) 6.4 (including)
Ubb.threads Ubbcentral 6.4.1 (including) 6.4.1 (including)
Ubb.threads Ubbcentral 6.4.2 (including) 6.4.2 (including)
Ubb.threads Ubbcentral 6.4.3 (including) 6.4.3 (including)
Ubb.threads Ubbcentral 6.4.4 (including) 6.4.4 (including)
Ubb.threads Ubbcentral 6.5 (including) 6.5 (including)
Ubb.threads Ubbcentral 6.5.1 (including) 6.5.1 (including)
Ubb.threads Ubbcentral 6.5.1.1 (including) 6.5.1.1 (including)

References