CVE-2005-2989 - SQL Injection vulnerability in Deluxebb 1.0/1.05
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Multiple SQL injection vulnerabilities in DeluxeBB 1.0 and 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter to topic.php, the uid parameter to (2) misc.php or (3) pm.php, or the fid parameter to (3) forums.php or (4) newpost.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Exploit-Db
description | DeluxeBB 1.0 forums.php fid Parameter SQL Injection. CVE-2005-2989. Webapps exploit for php platform |
id | EDB-ID:26266 |
last seen | 2016-02-03 |
modified | 2005-09-15 |
published | 2005-09-15 |
reporter | abducter |
source | https://www.exploit-db.com/download/26266/ |
title | DeluxeBB 1.0 forums.php fid Parameter SQL Injection |

description | DeluxeBB 1.0 topic.php tid Parameter SQL Injection. CVE-2005-2989. Webapps exploit for php platform |
id | EDB-ID:26264 |
last seen | 2016-02-03 |
modified | 2005-09-15 |
published | 2005-09-15 |
reporter | abducter |
source | https://www.exploit-db.com/download/26264/ |
title | DeluxeBB 1.0 topic.php tid Parameter SQL Injection |

description | DeluxeBB 1.0 pm.php uid Parameter SQL Injection. CVE-2005-2989. Webapps exploit for php platform |
id | EDB-ID:26267 |
last seen | 2016-02-03 |
modified | 2005-09-15 |
published | 2005-09-15 |
reporter | abducter |
source | https://www.exploit-db.com/download/26267/ |
title | DeluxeBB 1.0 pm.php uid Parameter SQL Injection |
Nessus
NASL family | CGI abuses |
NASL id | DELUXEBB_SQL_INJECTION.NASL |
description | The remote host is using DeluxeBB, a web application forum written in PHP. The installed version of this software fails to sanitize input to several parameters and scripts before using it to generate SQL queries. Provided PHP |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 19750 |
published | 2005-09-19 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/19750 |
title | DeluxeBB Multiple Scripts SQL Injection |