Xchangeboard: Security Vulnerabilities
SQL injection vulnerability in newThread.php in XchangeBoard 1.70 Final and earlier allows remote authenticated users to execute arbitrary SQL commands via the boardID parameter.
CVSS Score
6.5
EPSS Score
0.001
Published
2008-07-07
SQL injection vulnerability in XchangeBoard 1.70, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the loginNick parameter during login. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVSS Score
7.5
EPSS Score
0.005
Published
2006-10-25
Multiple SQL injection vulnerabilities in the checkUser function in inc/DBInterface.php in XchangeBoard 1.70 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) userNick or (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVSS Score
5.1
EPSS Score
0.004
Published
2006-10-25