Multiple SQL injection vulnerabilities in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewforum.php and (2) viewtopic.php.
8.8AI Score
0.001EPSS
showme.php in CelerBB 0.0.2 allows remote attackers to obtain "reserved information" via the user parameter.
6.8AI Score
0.004EPSS
login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows remote attackers to bypass authentication and obtain administrative access via special characters in the Username parameter, as demonstrated by an admin'# parameter value.
7.2AI Score
0.006EPSS