Vulnerability   
Search   
    Search 202850 CVE descriptions
and 87302 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.15561
Category:CGI abuses
Title:UBB.threads dosearch.php SQL injection
Summary:NOSUMMARY
Description:Description:

The remote host is running UBB.threads, a bulletin board system
written in PHP.

There is a SQL injection issue in the remote version of this software which
may allow an attacker to execute arbitrary SQL statements on the remote host
and to potentially overwrite arbitrary files on the remote system, by
sending a malformed value to the 'Name' argument of the file 'dosearch.php'.

Solution : Upgrade to the latest version of this software
Risk factor : High

CVSS Score:
7.5

Cross-Ref: BugTraq ID: 11502
Common Vulnerability Exposure (CVE) ID: CVE-2004-1622
http://www.securityfocus.com/bid/11502
Bugtraq: 20041021 SQL Injection in UBB.threads 3.4.x (Google Search)
http://marc.info/?l=bugtraq&m=109839925207038&w=2
XForce ISS Database: ubbthreads-sql-injection(17821)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17821
CopyrightThis script is Copyright (C) 2004 Tenable Network Security

This is only one of 87302 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.