Vulnerability Description
Multiple SQL injection vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) year parameter in calendar.php, (2) user parameter array in v_profile.php, and (3) the userid parameter in misc.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Thwboard | Thwboard Beta | 2.8 |
References
- http://kapda.ir/advisory-149.htmlExploitPatchVendor Advisory
- http://securityreason.com/securityalert/238
- http://www.osvdb.org/21737
- http://www.osvdb.org/21738
- http://www.osvdb.org/21739
- http://www.securityfocus.com/archive/1/418837/100/0/threaded
- http://www.securityfocus.com/bid/15763ExploitPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23531
- http://kapda.ir/advisory-149.htmlExploitPatchVendor Advisory
- http://securityreason.com/securityalert/238
- http://www.osvdb.org/21737
- http://www.osvdb.org/21738
- http://www.osvdb.org/21739
- http://www.securityfocus.com/archive/1/418837/100/0/threaded
- http://www.securityfocus.com/bid/15763ExploitPatch
FAQ
What is CVE-2005-4139?
CVE-2005-4139 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) year parameter in calendar.php, (2) user parameter array in v...
How severe is CVE-2005-4139?
CVE-2005-4139 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4139?
Check the references section above for vendor advisories and patch information. Affected products include: Thwboard Thwboard Beta.