CVE-2005-3871 Information

Description

Multiple SQL injection vulnerabilities in Joels Bulletin board (JBB) 0.9.9rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) nr parameter in topiczeigen.php, (2) forum and (3) zeigeseite parameters in showforum.php, (4) forum parameter in newtopic.php, and (5) tidnr parameter in neuerbeitrag.php.

Reference

http://pridels0.blogspot.com/2005/11/jbb-sql-inj-vuln.html
http://secunia.com/advisories/17727
http://www.osvdb.org/21148
http://www.osvdb.org/21149
http://www.osvdb.org/21150
http://www.osvdb.org/21151
http://www.securityfocus.com/bid/15590
http://www.vupen.com/english/advisories/2005/2620
