Vulnerabilities > CVE-2005-1199 - SQL Injection vulnerability in Infopop Ultimate Bulletin Board 6.0

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
infopop
nessus
exploit available

Summary

SQL injection vulnerability in printthread.php in UBB.Threads allows remote attackers to execute arbitrary SQL commands via the main parameter.

Vulnerable Configurations

Part Description Count
Application
Infopop
1

Exploit-Db

descriptionUBBCentral 6.0 UBB.threads Printthread.PHP SQL Injection Vulnerability. CVE-2005-1199 . Webapps exploit for php platform
idEDB-ID:25457
last seen2016-02-03
modified2005-03-11
published2005-03-11
reporterHLL
sourcehttps://www.exploit-db.com/download/25457/
titleUBBCentral 6.0 UBB.threads Printthread.PHP SQL Injection Vulnerability

Nessus

NASL familyCGI abuses
NASL idUBBTHREADS_PRINTTHREAD_SQL_INJECTION.NASL
descriptionThe remote host is running a version of UBB.threads that suffers from multiple vulnerabilities due to insufficient input validation - local file inclusion, HTTP response splitting, SQL injection, and cross-site scripting. These flaws may allow an attacker to completely compromise the affected installation of UBB.threads.
last seen2020-06-01
modified2020-06-02
plugin id18098
published2005-04-20
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/18098
titleUBB.threads < 6.5.2 beta Multiple Vulnerabilities