Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0.6 allow remote malicious users to execute arbitrary SQL commands via the (1) curstr parameter in the findUsers function, (2) id parameter in the isIdAvailable function, or (3) username parameter in the getGreetings function.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
nextbbs nextbbs 0.6 |