3 matches found
XMB Forum 1.8 - 'forumdisplay.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/9726/info XMB Forum has been reported prone to multiple cross-site scripting, HTML injection and SQL injection vulnerabilities. The issues present themselves due to insufficient sanitization of remote user supplied data. An attacker may exploit any one of...
XMB member.php Multiple Parameter SQL Injection
The remote host is running XMB Forum, a web forum written in PHP. According to its banner, this forum is vulnerable to a SQL injection bug which may allow an attacker to steal the passwords hashes of any user of this forum, including the forum administrator. Once he has the password hashes, he ca...
XMB Forum 1.6 pre-beta - Image Tag Script Injection
source: https://www.securityfocus.com/bid/4167/info The Extreme Message Board XMB 1.6 Magic Lantern pre-beta version reportedly allows JavaScript and HTML to be entered in messages. This can be achieved by entering script or HTML between img and /img tags in a forum message. This has been fixed i...