2 matches found
Sql injection
SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033...
CVE-2005-2989
DeluxeBB 1.0 and 1.0.5 contain multiple SQL injection vulnerabilities exploitable via user-controlled parameters: tid in topic.php, uid in misc.php or pm.php, and fid in forums.php or newpost.php. These allow remote attackers to inject arbitrary SQL commands, as described in CVE-2005-2989. The ev...