Vulnerability Details CVE-2005-2058
Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to execute arbitrary SQL commands via the Number parameter to (1) download.php, (2) modifypost.php, (3) mailthread.php, or (4) notifymod.php, (5) month or (6) year parameter to calendar.php, (7) message parameter to viewmessage.php, (8) main parameter to addfav.php, or (9) posted parameter to grabnext.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.6%
CVSS Severity
CVSS v2 Score 7.5
References
- http://marc.info/?l=bugtraq&m=111963737202040&w=2
- http://www.gulftech.org/?node=research&article_id=00084-06232005
- http://www.ubbcentral.com/boards/showflat.php/Cat/0/Number/42351/Main/42351/#Post42351
- http://marc.info/?l=bugtraq&m=111963737202040&w=2
- http://www.gulftech.org/?node=research&article_id=00084-06232005
- http://www.ubbcentral.com/boards/showflat.php/Cat/0/Number/42351/Main/42351/#Post42351
Products affected by CVE-2005-2058
-
cpe:2.3:a:ubbcentral:ubb.threads:6.0
-
cpe:2.3:a:ubbcentral:ubb.threads:6.0.1
-
cpe:2.3:a:ubbcentral:ubb.threads:6.0.2
-
cpe:2.3:a:ubbcentral:ubb.threads:6.0.3
-
cpe:2.3:a:ubbcentral:ubb.threads:6.1
-
cpe:2.3:a:ubbcentral:ubb.threads:6.1.1
-
cpe:2.3:a:ubbcentral:ubb.threads:6.2
-
cpe:2.3:a:ubbcentral:ubb.threads:6.2.1
-
cpe:2.3:a:ubbcentral:ubb.threads:6.2.2
-
cpe:2.3:a:ubbcentral:ubb.threads:6.2.3
-
cpe:2.3:a:ubbcentral:ubb.threads:6.3
-
cpe:2.3:a:ubbcentral:ubb.threads:6.3.1
-
cpe:2.3:a:ubbcentral:ubb.threads:6.4
-
cpe:2.3:a:ubbcentral:ubb.threads:6.4.1
-
cpe:2.3:a:ubbcentral:ubb.threads:6.4.2
-
cpe:2.3:a:ubbcentral:ubb.threads:6.4.3
-
cpe:2.3:a:ubbcentral:ubb.threads:6.4.4
-
cpe:2.3:a:ubbcentral:ubb.threads:6.5
-
cpe:2.3:a:ubbcentral:ubb.threads:6.5.1
-
cpe:2.3:a:ubbcentral:ubb.threads:6.5.1.1