Vulnerabilities > Deluxebb > Deluxebb > 1.09
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-05-07 | CVE-2010-1859 | SQL Injection vulnerability in Deluxebb SQL injection vulnerability in newpost.php in DeluxeBB 1.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the membercookie cookie when adding a new thread. | 6.8 |
| 2009-03-20 | CVE-2009-1033 | SQL Injection vulnerability in Deluxebb SQL injection vulnerability in misc.php in DeluxeBB 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the qorder parameter, a different vector than CVE-2005-2989 and CVE-2006-2503. | 7.5 |
| 2009-02-16 | CVE-2008-6146 | SQL Injection vulnerability in Deluxebb SQL injection vulnerability in pm.php in DeluxeBB 1.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a delete##### parameter in a Delete action, a different vector than CVE-2005-2989. | 6.8 |
| 2007-12-04 | CVE-2007-6237 | Improper Authentication vulnerability in Deluxebb 1.09 cp.php in DeluxeBB 1.09 does not verify that the membercookie parameter corresponds to the authenticated member during a profile update, which allows remote authenticated users to change the e-mail addresses of arbitrary accounts via a modified membercookie parameter, a different vector than CVE-2006-4078. | 9.0 |