CVE-2008-2996 Information

Description

Multiple SQL injection vulnerabilities in index.php in Gravity Board X (GBX) 2.0 Beta when magic_quotes_gpc is disabled allow remote attackers to execute arbitrary SQL commands via the (1) searchquery parameter in a getsearch action and the (2) board_id parameter in a viewboard action.

Reference

http://securityreason.com/securityalert/3970 http://www.securityfocus.com/bid/29685 https://exchange.xforce.ibmcloud.com/vulnerabilities/43022 https://www.exploit-db.com/exploits/5791