UBBCentral UBB.Threads 5.5.1/6.x - 'grabnext.php?posted' SQL Injection

EDB-ID:

25903




Platform:

PHP

Date:

2005-06-24


source: https://www.securityfocus.com/bid/14052/info
      
UBB.Threads is prone to multiple SQL injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries.
      
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

http://www.example.com/ubbt/grabnext.php?Cat=4&Board=UBB23&mode=showflat&sticky=0&dir=old&posted=1045942715[SQL]