Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to execute arbitrary SQL commands via the Number parameter to (1) download.php, (2) modifypost.php, (3) mailthread.php, or (4) notifymod.php, (5) month or (6) year parameter to calendar.php, (7) message parameter to viewmessage.php, (8) main parameter to addfav.php, or (9) posted parameter to grabnext.php.
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published: 2005-06-28T04:00:00
Updated: 2024-08-07T22:15:37.544Z
Reserved: 2005-06-29T00:00:00
Link: CVE-2005-2058

No data.

Status : Modified
Published: 2005-06-29T04:00:00.000
Modified: 2024-11-20T23:58:42.317
Link: CVE-2005-2058

No data.