Ultimate PHP Board ViewForum.PHP SQL Injection And XSS Flaws Network Vulnerability

Summary

The remote host is running Ultimate PHP Board (UPB). The remote version of this software is vulnerable to cross-site scripting attacks, and SQL injection flaws. Using a specially crafted URL, an attacker may execute arbitrary commands against the remote SQL database or use the remote server to set up a cross site scripting attack.

Solution

Upgrade to version 1.9.7 or newer.

Severity

Classification

CVE CVE-2005-1614, CVE-2005-1615

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

b2ePMS Multiple SQL Injection Vulnerabilities
Admbook PHP Code Injection Flaw
Apache Tomcat Windows Installer Privilege Escalation Vulnerability
ASAS Server End User Self Service (EUSS) SQL Injection Vulnerability
aflog Cookie-Based Authentication Bypass Vulnerability

Ultimate PHP Board ViewForum.PHP SQL injection and XSS flaws

Take action and discover your vulnerabilities