CVE-2005-2058 - SQL-Injection vulnerability in UBB.threads
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to execute arbitrary SQL commands via the Number parameter to (1) download.php, (2) modifypost.php, (3) mailthread.php, or (4) notifymod.php, (5) month or (6) year parameter to calendar.php, (7) message parameter to viewmessage.php, (8) main parameter to addfav.php, or (9) posted parameter to grabnext.php.
Vulnerable Configurations
Exploit-Db
description | UBBCentral UBB.threads 5.5.1/6.x calendar.php Multiple Parameter SQL Injection. CVE-2005-2058. Webapps exploit for php platform |
id | EDB-ID:25898 |
last seen | 2016-02-03 |
modified | 2005-06-24 |
published | 2005-06-24 |
reporter | James Bercegay |
source | https://www.exploit-db.com/download/25898/ |
title | UBBCentral UBB.threads 5.5.1/6.x calendar.php Multiple Parameter SQL Injection |

description | UBBCentral UBB.threads 5.5.1/6.x notifymod.php Number Parameter SQL Injection. CVE-2005-2058. Webapps exploit for php platform |
id | EDB-ID:25902 |
last seen | 2016-02-03 |
modified | 2005-06-24 |
published | 2005-06-24 |
reporter | James Bercegay |
source | https://www.exploit-db.com/download/25902/ |
title | UBBCentral UBB.threads 5.5.1/6.x notifymod.php Number Parameter SQL Injection |

description | UBBCentral UBB.threads 5.5.1/6.x modifypost.php Number Parameter SQL Injection. CVE-2005-2058. Webapps exploit for php platform |
id | EDB-ID:25899 |
last seen | 2016-02-03 |
modified | 2005-06-24 |
published | 2005-06-24 |
reporter | James Bercegay |
source | https://www.exploit-db.com/download/25899/ |
title | UBBCentral UBB.threads 5.5.1/6.x modifypost.php Number Parameter SQL Injection |

description | UBBCentral UBB.threads 5.5.1/6.x addfav.php main Parameter SQL Injection. CVE-2005-2058. Webapps exploit for php platform |
id | EDB-ID:25901 |
last seen | 2016-02-03 |
modified | 2005-06-24 |
published | 2005-06-24 |
reporter | James Bercegay |
source | https://www.exploit-db.com/download/25901/ |
title | UBBCentral UBB.threads 5.5.1/6.x addfav.php main Parameter SQL Injection |

description | UBB Threads < 6.5.2 Beta (mailthread.php) SQL Injection Exploit. CVE-2005-2058. Webapps exploit for php platform |
id | EDB-ID:1069 |
last seen | 2016-01-31 |
modified | 2005-06-25 |
published | 2005-06-25 |
reporter | mh_p0rtal |
source | https://www.exploit-db.com/download/1069/ |
title | UBB Threads < 6.5.2 Beta mailthread.php SQL Injection Exploit |

description | UBBCentral UBB.threads 5.5.1/6.x viewmessage.php message Parameter SQL Injection. CVE-2005-2058. Webapps exploit for php platform |
id | EDB-ID:25900 |
last seen | 2016-02-03 |
modified | 2005-06-24 |
published | 2005-06-24 |
reporter | James Bercegay |
source | https://www.exploit-db.com/download/25900/ |
title | UBBCentral UBB.threads 5.5.1/6.x viewmessage.php message Parameter SQL Injection |

description | UBBCentral UBB.threads 5.5.1/6.x download.php Number Parameter SQL Injection. CVE-2005-2058. Webapps exploit for php platform |
id | EDB-ID:25897 |
last seen | 2016-02-03 |
modified | 2005-06-24 |
published | 2005-06-24 |
reporter | James Bercegay |
source | https://www.exploit-db.com/download/25897/ |
title | UBBCentral UBB.threads 5.5.1/6.x download.php Number Parameter SQL Injection |
Nessus
NASL family | CGI abuses |
NASL id | UBBTHREADS_PRINTTHREAD_SQL_INJECTION.NASL |
description | The remote host is running a version of UBB.threads that suffers from multiple vulnerabilities due to insufficient input validation - local file inclusion, HTTP response splitting, SQL injection, and cross-site scripting. These flaws may allow an attacker to completely compromise the affected installation of UBB.threads. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18098 |
published | 2005-04-20 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/18098 |
title | UBB.threads < 6.5.2 beta Multiple Vulnerabilities |