CVE-2007-1254 | Vulnerability Database | Aqua Security

SQL injection vulnerability in part.userprofile.php in Connectix Boards 0.7 and earlier allows remote authenticated users to execute arbitrary SQL commands and obtain privileges via the p_skin parameter to index.php.

Affected Software

Name	Vendor	Start Version	End Version
Connectix_boards	Connectix	0.5	0.5
Connectix_boards	Connectix	0.4.2	0.4.2
Connectix_boards	Connectix	0.4	0.4
Connectix_boards	Connectix	0.4.3	0.4.3
Connectix_boards	Connectix	0.7	0.7
Connectix_boards	Connectix	0.5.4	0.5.4
Connectix_boards	Connectix	0.5.3	0.5.3
Connectix_boards	Connectix	0.5.1	0.5.1
Connectix_boards	Connectix	0.6.1	0.6.1
Connectix_boards	Connectix	0.5.2	0.5.2
Connectix_boards	Connectix	0.4.4	0.4.4
Connectix_boards	Connectix	0.4.1	0.4.1
Connectix_boards	Connectix	0.5.5	0.5.5
Connectix_boards	Connectix	0.6	0.6

References

http://secunia.com/advisories/24255
http://securityreason.com/securityalert/2364
http://osvdb.org/33537
https://www.exploit-db.com/exploits/3352
http://www.securityfocus.com/archive/1/460947/100/0/threaded

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-1254
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html