3 matches found
CVE-2009-1947
SQL injection vulnerability in the UnbDbEncode function in unblib/database.lib.php in Unclassified NewsBoard UNB 1.6.4 allows remote attackers to execute arbitrary SQL commands via the Query parameter in a search action to forum.php, a different vector than CVE-2005-3686...
CVE-2005-3686
SQL injection vulnerability in search.inc.php in Unclassified NewsBoard before 1.5.3 Patch 4 allows remote attackers to execute arbitrary SQL commands via the 1 DateFrom or 2 DateUntil parameter to forum.php...
CVE-2005-3686
CVE-2005-3686 describes an SQL injection vulnerability in the Unclassified NewsBoard (UNB) product. The issue resides in the search.inc.php component and is exploitable via the forum.php path using the (1) DateFrom or (2) DateUntil parameters. The root cause is improper handling of user-supplied ...