CVE-2005-3394

Properties

Published:
31.10.2005
Updated:
22.10.2018
Patch available:
Severity:
High
CVSS vector:
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Product:
oaboard: oaboard

Vulnerability description

Multiple SQL injection vulnerabilities in forum.php in oaboard forum 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) channel parameter in the topics module and (2) topic parameter in the posting module.

References:

BUGTRAQ: http://www.securityfocus.com/archive/1/415299
BID: http://www.securityfocus.com/bid/15245
VUPEN: http://www.vupen.com/english/advisories/2005/2258
XF: https://exchange.xforce.ibmcloud.com/vulnerabilities/22932