Thwboard Beta 2.8 v_profile.php user Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/15763/info ThWboard is prone to multiple input validation vulnerabilities. The application is vulnerable to HTML injection, cross-site scripting, and SQL injection; these issues are due to a lack of proper sanitization of...

CVE-2005-4138

Multiple cross-site scripting XSS vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to inject arbitrary web script or HTML via the 1 Wohnort and 2 Beruf fields in editprofile.php, 3 user parameter array in vprofile.php, and 4 the action parameter in misc.php...

CVE-2005-4138

ThWboard vulnerable to multiple XSS flaws in versions before 3 Beta 2.84. Attack vectors include (1) Wohnort and (2) Beruf fields in editprofile.php, (3) user parameter array in v_profile.php, and (4) the action parameter in misc.php. These allow remote attackers to inject arbitrary web script/HT...

CVE-2005-4139

Multiple SQL injection vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to execute arbitrary SQL commands via the 1 year parameter in calendar.php, 2 user parameter array in vprofile.php, and 3 the userid parameter in misc.php...