viewforum.php in Ultimate PHP Board (UPB) 1.8 up to and including 1.9.6 may allow remote malicious users to read sensitive data via the postorder parameter, which is not properly handled by textdb.inc.php, possibly due to a SQL injection vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ultimate php board ultimate php board 1.8.2 |
||
ultimate php board ultimate php board 1.9 |
||
ultimate php board ultimate php board 1.9.6 |
||
ultimate php board ultimate php board 1.8 |