CVE-2005-2989
Published 2005-09-20
Priority P3 · 37 · Severity high · CVSS 2.0 base score 7.5
Vector AV:N/AC:L/Au:N/C:P/I:P/A:P (network access, low complexity, no authentication required; partial confidentiality, integrity and availability impact)
EXPLOIT · EPSS 1.23% (65.1th percentile)
Multiple SQL injection vulnerabilities in DeluxeBB 1.0 and 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter to topic.php, the uid parameter to (2) misc.php or (3) pm.php, or the fid parameter to (3) forums.php or (4) newpost.php.
Affected (10 ranges)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| deluxebb | deluxebb | <= 1.2 | — |
| deluxebb | deluxebb | <= 1.3 | — |

The remaining eight ranges list no version or fix information.
GHSA-hh65-q2x2-rm42: SQL injection vulnerability in pm.php (CVE-2008-6146 · HIGH · CWE-89 · ghsa_unreviewed · 2022-05-17 · CVSS 7.5)
SQL injection vulnerability in pm.php in DeluxeBB 1.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a delete##### parameter in a Delete action, a different vector than CVE-2005-2989.
GHSA-mv4g-2fqv-5g5h: SQL injection vulnerability in misc.php (CVE-2010-4151 · HIGH · CWE-89 · ghsa_unreviewed · 2022-05-14 · CVSS 7.5)
SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.
GHSA-q9qw-8h23-9f94: SQL injection vulnerability in misc.php (CVE-2009-1033 · HIGH · CWE-89 · ghsa_unreviewed · 2022-05-02 · CVSS 7.5)
SQL injection vulnerability in misc.php in DeluxeBB 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the qorder parameter, a different vector than CVE-2005-2989 and CVE-2006-2503.
GHSA-7x2j-7gp6-7vr3: Multiple SQL injection vulnerabilities in DeluxeBB 1.0 and 1.0.5 (CVE-2005-2989 · HIGH · ghsa_unreviewed · 2022-05-01)
Multiple SQL injection vulnerabilities in DeluxeBB 1.0 and 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter to topic.php, the uid parameter to (2) misc.php or (3) pm.php, or the fid parameter to (3) forums.php or (4) newpost.php.
No detection rules found.
Exploit-DB (exploitdb · 2005-09-15 · CVE-2005-2989)
Five entries, one per vulnerable script, all carrying the same advisory text from https://www.securityfocus.com/bid/14851/info:

DeluxeBB is prone to multiple SQL injection vulnerabilities. These are due to a lack of proper sanitization of user-supplied input before it is used in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

Each entry names the affected endpoint and the injectable parameter:

- DeluxeBB 1.0 - 'forums.php' SQL Injection: http://www.example.com/forums.php?fid=[code]
- DeluxeBB 1.0 - 'misc.php' SQL Injection: http://www.example.com/misc.php?sub=profile&uid=[code]
- DeluxeBB 1.0 - 'topic.php' SQL Injection: http://www.example.com/topic.php?tid=[code]
- DeluxeBB 1.0 - 'pm.php' SQL Injection: http://www.example.com/pm.php?sub=newpm&uid=[code]
- DeluxeBB 1.0 - 'newpost.php' SQL Injection: http://www.example.com/newpost.php?sub=newthread&fid=[code]
No writeups or analysis indexed.