CVE-2005-3364 Information

Description

Multiple SQL injection vulnerabilities in DboardGear allow remote attackers to execute arbitrary SQL commands via (1) the buddy parameter in buddy.php (2) the u2uid parameter in u2u.php and (3) an invalid theme file in the themes action to ctrtools.php.

Reference

http://marc.info/?l=bugtraq&m=113017087231116&w=2 http://securityreason.com/securityalert/109 http://securitytracker.com/id?1015095 http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-10/0298.html http://www.osvdb.org/20442 http://www.osvdb.org/20443 http://www.securityfocus.com/bid/15174 http://www.securityfocus.com/bid/15194