DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase union select or possibly other statements that do not match the uppercase UNION SELECT.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Deluxebb | Deluxebb | 1.05 (including) | 1.05 (including) |
Deluxebb | Deluxebb | 1.06 (including) | 1.06 (including) |
Deluxebb | Deluxebb | 1.07 (including) | 1.07 (including) |