CVE-2004-1966 Information

Description

Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter in board.php, (2) sortorder, perpage, or id parameters in member.php, (3) forums parameter in search.php, or (4) PID or FID parameters in post.php.

Reference

http://marc.info/?l=bugtraq&m=108301983206107&w=2
http://secunia.com/advisories/11481
http://securitytracker.com/id?1009935
http://www.securityfocus.com/bid/10214
https://exchange.xforce.ibmcloud.com/vulnerabilities/15964
