NuytsTech Security

CVE-2006-4025

by ·

SQL injection vulnerability in profile.php in XennoBB 2.1.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) bday_day, (2) bday_month, and (3) bday_year parameters in the personal section.

Date published : 2006-08-08

http://www.securityfocus.com/bid/19374

http://www.securityfocus.com/archive/1/442423/100/0/threaded

Tags: