Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbTrueend5EDB-ID:26756
HistoryDec 07, 2005 - 12:00 a.m.

Thwboard Beta 2.8 - 'v_profile.php?user' SQL Injection

2005-12-0700:00:00
trueend5
www.exploit-db.com
13

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/15763/info
 
ThWboard is prone to multiple input validation vulnerabilities.
 
The application is vulnerable to HTML injection, cross-site scripting, and SQL injection; these issues are due to a lack of proper sanitization of user-supplied input.
 
A remote attacker may inject SQL, HTML and script code resulting in theft of cookie-based authentication credentials, arbitrary script code execution, and the passing of malicious input to the underlying database application.
 
Version 3 beta 2.8 is vulnerable; other versions may be affected. 

http://www.example.com/thwb/v_profile.php?user[userid]='[SQL]

Related

cvelist 1
cve 1
exploitdb 2
nvd 1
cvelist
cvelist
CVE-2005-4139
2005-12-09 15:00:00
cve
cve
CVE-2005-4139
2005-12-09 15:03:00
exploitdb
exploitdb
Thwboard Beta 2.8 - 'misc.php?userid' SQL Injection
2005-12-07 00:00:00
Thwboard Beta 2.8 - 'calendar.php?year' SQL Injection
2005-12-07 00:00:00
nvd
nvd
CVE-2005-4139
2005-12-09 15:03:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:26756
cvelist1cve1exploitdb2nvd1