CVE-2005-4139 - Input Validation vulnerability in Thwboard Beta 2.8
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: PARTIAL
- Integrity impact: PARTIAL
- Availability impact: PARTIAL

Summary
Multiple SQL injection vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) year parameter in calendar.php, (2) user parameter array in v_profile.php, and (3) the userid parameter in misc.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
- EDB-ID:26757
  - title: Thwboard Beta 2.8 misc.php userid Parameter SQL Injection
  - description: Thwboard Beta 2.8 misc.php userid Parameter SQL Injection. CVE-2005-4139. Webapps exploit for php platform
  - last seen: 2016-02-03
  - modified: 2005-12-07
  - published: 2005-12-07
  - reporter: trueend5
  - source: https://www.exploit-db.com/download/26757/
- EDB-ID:26756
  - title: Thwboard Beta 2.8 v_profile.php user Parameter SQL Injection
  - description: Thwboard Beta 2.8 v_profile.php user Parameter SQL Injection. CVE-2005-4139. Webapps exploit for php platform
  - last seen: 2016-02-03
  - modified: 2005-12-07
  - published: 2005-12-07
  - reporter: trueend5
  - source: https://www.exploit-db.com/download/26756/
- EDB-ID:26755
  - title: Thwboard Beta 2.8 calendar.php year Parameter SQL Injection
  - description: Thwboard Beta 2.8 calendar.php year Parameter SQL Injection. CVE-2005-4139. Webapps exploit for php platform
  - last seen: 2016-02-03
  - modified: 2005-12-07
  - published: 2005-12-07
  - reporter: trueend5
  - source: https://www.exploit-db.com/download/26755/
References
- http://kapda.ir/advisory-149.html
- http://securityreason.com/securityalert/238
- http://www.osvdb.org/21737
- http://www.osvdb.org/21738
- http://www.osvdb.org/21739
- http://www.securityfocus.com/archive/1/418837/100/0/threaded
- http://www.securityfocus.com/bid/15763
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23531