NuytsTech Security

CVE-2005-3918

by ·

** DISPUTED **

Multiple SQL injection vulnerabilities in OvBB 0.08a allow remote attackers to execute arbitrary SQL commands via the (1) threadid parameter to thread.php and (2) userid parameter to profile.php. NOTE: the vendor disputes these issues, saying "these reports are completely unsubstantial."

Date published : 2005-11-30

http://www.securityfocus.com/bid/15566

http://pridels0.blogspot.com/2005/11/ovbb-sql-vulnerabilities.html

Tags: