QwikSec

Security Database

CVE

CWE

Training

CVE-2004-0323

Published: Mar 18, 2004

Modified: Aug 8, 2024

PUBLISHED

Description

Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to inject arbitrary SQL and gain privileges via the (1) ppp parameter in viewthread.php, (2) desc parameter in misc.php, (3) tpp parameter in forumdisplay.php, (4) ascdesc parameter in forumdisplay.php, or (5) the addon parameter in stats.php. NOTE: it has also been shown that item (3) is also in XMB 1.9 beta.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

20040225 Re: [waraxe-2004-SA#004] - Multiple vulnerabilities in XMB 1.8 Partagium Final SP2

mailing-list

x_refsource_BUGTRAQ

xmb-multiple-sql-injection(15295)

vdb-entry

x_refsource_XF

http://www.xmbforum.com/community/boards/viewthread.php?tid=746859

x_refsource_CONFIRM

20040223 [waraxe-2004-SA#004] - Multiple vulnerabilities in XMB 1.8 Partagium Final SP2

mailing-list

x_refsource_BUGTRAQ

20040326 [waraxe-2004-SA#012 - Multiple vulnerabilities in XMB Forum 1.8 SP3 and 1.9 beta]

mailing-list

x_refsource_BUGTRAQ

https://docs.xmbforum2.com/index.php?title=Security_Issue_History

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.