DeluxeBB 'xthedateformat' Parameter SQL Injection Vulnerability Network Vulnerability

Summary

DeluxeBB is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. DeluxeBB 1.3 and prior are vulnerable.

References

http://www.deluxebb.com/
http://www.securityfocus.com/archive/1/514374
https://www.securityfocus.com/bid/44259

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4151

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Tomcat Multiple Vulnerabilities June-09
Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability
Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities