3 matches found
CVE-2010-4151
The CVE-2010-4151 entry corresponds to an SQL injection in DeluxeBB 1.3 (and possibly earlier) affecting misc.php, triggered when magic_quotes_gpc is disabled. The vulnerability allows remote attackers to manipulate the xthedateformat parameter in a register action and execute arbitrary SQL comma...
CVE-2010-4151
SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033...
DeluxeBB 'xthedateformat' Parameter SQL Injection Vulnerability
DeluxeBB is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying...