CVE-2005-3918
Published 2005-11-30
Priority P3 · 36 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.17% (63.5th percentile)
Multiple SQL injection vulnerabilities in OvBB 0.08a allow remote attackers to execute arbitrary SQL commands via the (1) threadid parameter to thread.php and (2) userid parameter to profile.php. NOTE: the vendor disputes these issues, saying "these reports are completely unsubstantial."
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ovbb | ovbb | — | — |
| ovbb | ovbb | — | — |
| ovbb | ovbb | — | — |
| ovbb | ovbb | — | — |
| ovbb | ovbb | — | — |
| ovbb | ovbb | — | — |
| ovbb | ovbb | — | — |
| ovbb | ovbb | — | — |
No detection rules found.
Exploit-DB
OvBB 0.x - 'profile.php?userid' SQL Injection
exploitdb·2005-11-24
---
source: https://www.securityfocus.com/bid/15566/info
OvBB is prone to multiple SQL injection vulnerabilities.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
OvBB 0.08a and prior versions are reportedly affected.
http://www.example.com/forums/profile.php?userid=[SQL]
Exploit-DB
OvBB 0.x - 'thread.php?threadid' SQL Injection
exploitdb·2005-11-24
---
source: https://www.securityfocus.com/bid/15566/info
OvBB is prone to multiple SQL injection vulnerabilities.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
OvBB 0.08a and prior versions are reportedly affected.
http://www.example.com/forums/thread.php?threadid=[SQL]
http://pridels0.blogspot.com/2005/11/ovbb-sql-vulnerabilities.html
http://www.osvdb.org/21307
http://www.osvdb.org/21308
http://www.securityfocus.com/bid/15566