This host is running NoticeBoardPro and is prone to SQL injection and arbitrary file upload vulnerabilities.

Successful exploitation will allow remote attackers to execute arbitrary script code in a user's browser session in the context of an affected application and to manipulate SQL queries by injecting arbitrary SQL code. Impact Level: Application.

Upgrade to NoticeBoardPro version 1.1. For updates refer to http://www.NoticeBoardPro.com/

The flaws are due to - Input passed via the 'userID' parameter to 'deleteItem3.php' is not properly sanitised before being used in SQL queries. - An error in 'editItem1.php' script, while validating an uploaded files which leads to execution of arbitrary PHP code by uploading a PHP file.

NoticeBoardPro version 1.0

• http://secunia.com/advisories/44595/
• http://www.exploit-db.com/exploits/17296/

---

Updated on 2015-03-25