ID CVE-2005-2989
Summary Multiple SQL injection vulnerabilities in DeluxeBB 1.0 and 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter to topic.php, the uid parameter to (2) misc.php or (3) pm.php, or the fid parameter to (3) forums.php or (4) newpost.php.
References
Vulnerable Configurations
  • cpe:2.3:a:deluxebb:deluxebb:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:deluxebb:deluxebb:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:deluxebb:deluxebb:1.05:*:*:*:*:*:*:*
    cpe:2.3:a:deluxebb:deluxebb:1.05:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 08-03-2011 - 02:25)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 14851
secunia 16819
vupen ADV-2005-1752
Last major update 08-03-2011 - 02:25
Published 20-09-2005 - 00:03
Last modified 08-03-2011 - 02:25
Back to Top