4 matches found
CVE-2009-1277
CVE-2009-1277 concerns Gravity Board X (GBX) 2.0 Beta. The vulnerability is a SQL injection in index.php via the member_id parameter in a viewprofile action, enabling remote attackers to execute arbitrary SQL commands. The entry notes that a separate board_id issue is covered by CVE-2008-2996. Co...
CVE-2008-2996
GBX 2.0 Beta (Gravity Board X) has multiple SQL injection vulnerabilities in index.php. Specifically, two parameters are exploitable: searchquery in getsearch and board_id in viewboard, and these issues occur when magic_quotes_gpc is disabled. The CVE-2008-2996 entry documents remote execution of...
CVE-2009-1278
Gravity Board X (GBX) 2.0 BETA has a static code injection in forms/ajax/configure.php that allows remote attackers to inject arbitrary PHP code into config.php via the configure action to index.php. Affected: GBX 2.0 BETA; vulnerable file: forms/ajax/configure.php. Root cause: configuration work...
CVE-2008-2997
CVE-2008-2997 : XSS vulnerability in Gravity Board X (GBX) 2.0 Beta. In GBX’s index.php, the subject parameter in the postnewsubmit (create new thread) action can be exploited to inject arbitrary script/HTML. This remote vector could affect users who submit a thread, with the impact described as ...