Multiple SQL injection vulnerabilities in Infopop UBB.Threads prior to 6.5.2 Beta allow remote malicious users to execute arbitrary SQL commands via the Number parameter to (1) download.php, (2) modifypost.php, (3) mailthread.php, or (4) notifymod.php, (5) month or (6) year parameter to calendar.php, (7) message parameter to viewmessage.php, (8) main parameter to addfav.php, or (9) posted parameter to grabnext.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ubbcentral ubb.threads 6.0.1 |
||
ubbcentral ubb.threads 6.0.2 |
||
ubbcentral ubb.threads 6.2.3 |
||
ubbcentral ubb.threads 6.3 |
||
ubbcentral ubb.threads 6.3.1 |
||
ubbcentral ubb.threads 6.5.1 |
||
ubbcentral ubb.threads 6.5.1.1 |
||
ubbcentral ubb.threads 6.1.1 |
||
ubbcentral ubb.threads 6.2 |
||
ubbcentral ubb.threads 6.4.2 |
||
ubbcentral ubb.threads 6.4.3 |
||
ubbcentral ubb.threads 6.0 |
||
ubbcentral ubb.threads 6.2.1 |
||
ubbcentral ubb.threads 6.2.2 |
||
ubbcentral ubb.threads 6.4.4 |
||
ubbcentral ubb.threads 6.5 |
||
ubbcentral ubb.threads 6.0.3 |
||
ubbcentral ubb.threads 6.1 |
||
ubbcentral ubb.threads 6.4 |
||
ubbcentral ubb.threads 6.4.1 |