2 matches found
CVE-2006-4025
SQL injection vulnerability in profile.php in XennoBB 2.1.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the 1 bdayday, 2 bdaymonth, and 3 bdayyear parameters in the personal section...
CVE-2006-4025
XennoBB 2.1.0 (and earlier) contains a SQL injection in profile.php. The vulnerability affects the personal section via the bday_day, bday_month, and bday_year parameters, enabling a remote authenticated user to manipulate SQL commands. The CVSS-derived impact indicates partial confidentiality, i...