Vulnerability Details CVE-2005-3918
Multiple SQL injection vulnerabilities in OvBB 0.08a allow remote attackers to execute arbitrary SQL commands via the (1) threadid parameter to thread.php and (2) userid parameter to profile.php. NOTE: the vendor disputes these issues, saying "these reports are completely unsubstantial.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.6%
CVSS Severity
CVSS v2 Score 7.5
References
- http://pridels0.blogspot.com/2005/11/ovbb-sql-vulnerabilities.html
- http://www.osvdb.org/21307
- http://www.osvdb.org/21308
- http://www.securityfocus.com/bid/15566
- http://pridels0.blogspot.com/2005/11/ovbb-sql-vulnerabilities.html
- http://www.osvdb.org/21307
- http://www.osvdb.org/21308
- http://www.securityfocus.com/bid/15566
Products affected by CVE-2005-3918
-
cpe:2.3:a:ovbb:ovbb:0.1a
-
cpe:2.3:a:ovbb:ovbb:0.2a
-
cpe:2.3:a:ovbb:ovbb:0.3a
-
cpe:2.3:a:ovbb:ovbb:0.4a
-
cpe:2.3:a:ovbb:ovbb:0.5a
-
cpe:2.3:a:ovbb:ovbb:0.6a
-
cpe:2.3:a:ovbb:ovbb:0.7a
-
cpe:2.3:a:ovbb:ovbb:0.8a