Vulnerabilities > Xchangeboard

DATE CVE VULNERABILITY TITLE RISK
2008-07-07 CVE-2008-3035 SQL Injection vulnerability in Xchangeboard
SQL injection vulnerability in newThread.php in XchangeBoard 1.70 Final and earlier allows remote authenticated users to execute arbitrary SQL commands via the boardID parameter.
network
low complexity
xchangeboard CWE-89
6.5
2006-10-25 CVE-2006-5500 SQL-Injection vulnerability in XChangeboard
Multiple SQL injection vulnerabilities in the checkUser function in inc/DBInterface.php in XchangeBoard 1.70 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) userNick or (2) password parameters.
network
high complexity
xchangeboard
5.1
2006-10-25 CVE-2006-5488 SQL Injection vulnerability in Xchangeboard 1.70
SQL injection vulnerability in XchangeBoard 1.70, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the loginNick parameter during login.
network
low complexity
xchangeboard
7.5