CVE-2005-3918
** DISPUTED **
Multiple SQL injection vulnerabilities in OvBB 0.08a allow remote attackers to execute arbitrary SQL commands via the (1) threadid parameter to thread.php and (2) userid parameter to profile.php. NOTE: the vendor disputes these issues, saying "these reports are completely unsubstantial."
Date published : 2005-11-30
http://www.securityfocus.com/bid/15566
http://pridels0.blogspot.com/2005/11/ovbb-sql-vulnerabilities.html