OvBB 0.x - 'profile.php?userid' SQL Injection

EDB-ID:

26590




Platform:

PHP

Date:

2005-11-24


source: https://www.securityfocus.com/bid/15566/info
 
OvBB is prone to multiple SQL injection vulnerabilities.
 
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
 
OvBB 0.08a and prior versions are reportedly affected. 

http://www.example.com/forums/profile.php?userid=[SQL]