DeluxeBB 1.07 and previous versions allows remote malicious users to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase "union select" or possibly other statements that do not match the uppercase "UNION SELECT."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
deluxebb deluxebb 1.05 |
||
deluxebb deluxebb 1.06 |
||
deluxebb deluxebb 1.07 |