Vulnerabilities > Ubbcentral > UBB Threads > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-08-13 | CVE-2008-6970 | SQL Injection vulnerability in Ubbcentral Ubb.Threads SQL injection vulnerability in dosearch.inc.php in UBB.threads 7.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the Forum[] array parameter. | 7.5 |
| 2007-04-11 | CVE-2007-1956 | SQL Injection vulnerability in UBB.Threads UBBThreads.PHP SQL injection vulnerability in ubbthreads.php in Groupee UBB.threads 6.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the C parameter. | 7.5 |
| 2006-10-03 | CVE-2006-5136 | Input Validation vulnerability in Ubbcentral Ubb.Threads 6.5.1.1 Multiple PHP remote file inclusion vulnerabilities in ubbt.inc.php in Groupee UBB.threads 6.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[thispath] or (2) GLOBALS[configdir] parameter. | 7.5 |
| 2006-02-04 | CVE-2006-0545 | SQL Injection vulnerability in UBB.Threads Showflat.PHP SQL injection vulnerability in showflat.php in Groupee (formerly known as Infopop) UBB.threads 6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Number parameter. | 7.5 |
| 2005-06-29 | CVE-2005-2058 | SQL-Injection vulnerability in UBB.threads Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to execute arbitrary SQL commands via the Number parameter to (1) download.php, (2) modifypost.php, (3) mailthread.php, or (4) notifymod.php, (5) month or (6) year parameter to calendar.php, (7) message parameter to viewmessage.php, (8) main parameter to addfav.php, or (9) posted parameter to grabnext.php. | 7.5 |
| 2005-05-02 | CVE-2005-0726 | SQL-Injection vulnerability in Ubbcentral Ubb.Threads 6.0 SQL injection vulnerability in editpost.php in UBB.threads 6.0 allows remote attackers to execute arbitrary SQL commands via the Number parameter. | 7.5 |
| 2004-10-21 | CVE-2004-1622 | SQL Injection vulnerability in Ubbcentral Ubb.Threads 3.4/3.5 SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x allows remote attackers to execute arbitrary SQL statements via the Name parameter. | 7.5 |