CVE-2005-4139
Published: 2005-12-09
Priority: P3 40 | Severity: high | CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploit: public exploit listed | EPSS: 1.76% (75.2th percentile)
Multiple SQL injection vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) year parameter in calendar.php, (2) user parameter array in v_profile.php, and (3) the userid parameter in misc.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| thwboard | thwboard_beta | — | — |
No detection rules found.
Exploit-DB
Thwboard Beta 2.8 - 'v_profile.php?user' SQL Injection
exploitdb·2005-12-07
---
source: https://www.securityfocus.com/bid/15763/info
ThWboard is prone to multiple input validation vulnerabilities.
The application is vulnerable to HTML injection, cross-site scripting, and SQL injection; these issues are due to a lack of proper sanitization of user-supplied input.
A remote attacker may inject SQL, HTML and script code resulting in theft of cookie-based authentication credentials, arbitrary script code execution, and the passing of malicious input to the underlying database application.
Version 3 beta 2.8 is vulnerable; other versions may be affected.
http://www.example.com/thwb/v_profile.php?user[userid]='[SQL]
Exploit-DB
Thwboard Beta 2.8 - 'calendar.php?year' SQL Injection
exploitdb·2005-12-07
---
source: https://www.securityfocus.com/bid/15763/info
ThWboard is prone to multiple input validation vulnerabilities.
The application is vulnerable to HTML injection, cross-site scripting, and SQL injection; these issues are due to a lack of proper sanitization of user-supplied input.
A remote attacker may inject SQL, HTML and script code resulting in theft of cookie-based authentication credentials, arbitrary script code execution, and the passing of malicious input to the underlying database application.
Version 3 beta 2.8 is vulnerable; other versions may be affected.
http://www.example.com/thwb/calendar.php?month=12&year='[SQL]
Exploit-DB
Thwboard Beta 2.8 - 'misc.php?userid' SQL Injection
exploitdb·2005-12-07
---
source: https://www.securityfocus.com/bid/15763/info
ThWboard is prone to multiple input validation vulnerabilities.
The application is vulnerable to HTML injection, cross-site scripting, and SQL injection; these issues are due to a lack of proper sanitization of user-supplied input.
A remote attacker may inject SQL, HTML and script code resulting in theft of cookie-based authentication credentials, arbitrary script code execution, and the passing of malicious input to the underlying database application.
Version 3 beta 2.8 is vulnerable; other versions may be affected.
http://www.example.com/thwb/misc.php?action=getlastpost&userid='[SQL]
No writeups or analysis indexed.
References
http://kapda.ir/advisory-149.html
http://securityreason.com/securityalert/238
http://www.osvdb.org/21737
http://www.osvdb.org/21738
http://www.osvdb.org/21739
http://www.securityfocus.com/archive/1/418837/100/0/threaded
http://www.securityfocus.com/bid/15763
https://exchange.xforce.ibmcloud.com/vulnerabilities/23531