3 matches found
CVE-2009-0851
CVE-2009-0851 affects CelerBB 0.0.2. When magic_quotes_gpc is disabled, remote attackers can inject SQL via the id parameter to viewforum.php and viewtopic.php, enabling arbitrary SQL execution. The NVD entry assigns a MEDIUM base score (6.8) with network attack vector and no authentication requi...
CVE-2009-0852
CVE-2009-0852 concerns CelerBB 0.0.2. Multiple connected sources confirm that the vulnerability exists in the showme.php module via the user parameter, enabling remote attackers to retrieve sensitive or “reserved” information. The CVE description and corroborating entries (including exploit refer...
CVE-2009-0853
CVE-2009-0853 affects CelerBB 0.0.2. When magic_quotes_gpc is disabled, remote attackers can bypass authentication and gain administrative access by submitting a crafted Username value (e.g., admin'#) to login.php. Verified in multiple sources; impact is authentication bypass with partial confide...