SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and previous versions allows remote malicious users to execute SQL commands via a double-encoded user parameter in a viewprofile action.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
yabb yabb 1.5.1 |
||
yabb yabb |
||
yabb yabb 1.5.2 |
||
yabb yabb 1.5.4 |