Multiple SQL Injection Vulnerabilities in Infopop UBB.Threads

Multiple SQL Injection Vulnerabilities in Infopop UBB.Threads

CVE-2005-2058 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to execute arbitrary SQL commands via the Number parameter to (1) download.php, (2) modifypost.php, (3) mailthread.php, or (4) notifymod.php, (5) month or (6) year parameter to calendar.php, (7) message parameter to viewmessage.php, (8) main parameter to addfav.php, or (9) posted parameter to grabnext.php.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.