CVE-2005-3364

2005-10-2919:00:00

mitre

www.cve.org

8.5 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.6%

JSON

Multiple SQL injection vulnerabilities in DboardGear allow remote attackers to execute arbitrary SQL commands via (1) the buddy parameter in buddy.php, (2) the u2uid parameter in u2u.php, and (3) an invalid theme file in the themes action to ctrtools.php.

References

marc.info/?l=bugtraq&m=113017087231116&w=2

securityreason.com/securityalert/109

securitytracker.com/id?1015095

www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-10/0298.html

www.osvdb.org/20442

www.osvdb.org/20443

www.securityfocus.com/bid/15174

www.securityfocus.com/bid/15194