CVE-2005-3259 Information

Description

Multiple SQL injection vulnerabilities in versatileBulletinBoard (vBB) 1.0.0 RC2 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) login field, (2) "search this thread" feature, (3) "search for posts" feature, (4) "forgot password" feature, (5) list parameter in userlistpre.php, and the (6) select, (7) categ, and (8) to parameters in index.php.

Reference

http://marc.info/?l=bugtraq&m=112907535528616&w=2
http://rgod.altervista.org/versatile100RC2.html
http://secunia.com/advisories/17174/
http://www.osvdb.org/19962
http://www.osvdb.org/19963
http://www.osvdb.org/19964
http://www.osvdb.org/19965
http://www.osvdb.org/19966
http://www.osvdb.org/19967
http://www.osvdb.org/19968
http://www.securityfocus.com/bid/15068
