Vulnerabilities > CVE-2005-2575 - Unspecified vulnerability in XMB Forum XMB 1.9.1

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
xmb-forum
nessus
NVD
Published: 2005-08-16
Updated: 2021-04-29

Summary

SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1 allows remote attackers to execute arbitrary SQL commands via certain values that are inserted into the $in variable.

Vulnerable Configurations

Part Description Count
Application
Xmb_Forum
1

Nessus

NASL familyCGI abuses
NASL idXMB_MULTIPLE_XSS.NASL
descriptionThe remote host is running XMB Forum, a web forum written in PHP. According to its banner, the version of XMB installed on the remote host suffers from cross-site scripting, SQL injection, and input validation vulnerabilities.
last seen2020-06-01
modified2020-06-02
plugin id17608
published2005-03-24
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/17608
titleXMB Forum < 1.9.10 Multiple Vulnerabilities

Statements

contributor
lastmodified2008-12-11
organizationXMB
statementXMB versions 1.9.8 and later were checked and are not vulnerable.

References