CVE-2005-2058 Information

Description

Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to execute arbitrary SQL commands via the Number parameter to (1) download.php (2) modifypost.php (3) mailthread.php or (4) notifymod.php (5) month or (6) year parameter to calendar.php (7) message parameter to viewmessage.php (8) main parameter to addfav.php or (9) posted parameter to grabnext.php.

Reference

http://marc.info/?l=bugtraq&m=111963737202040&w=2 http://www.gulftech.org/?node=research&article_id=00084-06232005 http://www.ubbcentral.com/boards/showflat.php/Cat/0/Number/42351/Main/42351/Post42351