Published: 30/11/2005 Updated: 17/05/2024

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in OvBB 0.08a allow remote malicious users to execute arbitrary SQL commands via the (1) threadid parameter to thread.php and (2) userid parameter to profile.php. NOTE: the vendor disputes these issues, saying "these reports are completely unsubstantial.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ovbb ovbb 0.5a
ovbb ovbb 0.6a
ovbb ovbb 0.3a
ovbb ovbb 0.7a
ovbb ovbb 0.4a
ovbb ovbb 0.2a
ovbb ovbb 0.8a
ovbb ovbb 0.1a

source: wwwsecurityfocuscom/bid/15566/info OvBB is prone to multiple SQL injection vulnerabilities Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation OvBB 008a and prior versions ...

source: wwwsecurityfocuscom/bid/15566/info OvBB is prone to multiple SQL injection vulnerabilities Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation OvBB 008a and prior versions are ...

NVD-CWE-Other http://www.securityfocus.com/bid/15566 http://www.osvdb.org/21307 http://www.osvdb.org/21308 http://pridels0.blogspot.com/2005/11/ovbb-sql-vulnerabilities.html https://nvd.nist.gov https://www.exploit-db.com/exploits/26590/

CVE-2005-3918

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect