Vulnerabilities > Xchangeboard > Xchangeboard > 1.70

DATE CVE VULNERABILITY TITLE RISK
2006-10-25 CVE-2006-5488 SQL Injection vulnerability in Xchangeboard 1.70
SQL injection vulnerability in XchangeBoard 1.70, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the loginNick parameter during login.
network
low complexity
xchangeboard
7.5
7.5