CVE-2008-5578 Information

Description

Multiple SQL injection vulnerabilities in index.php in sCssBoard 1.0 1.1 1.11 and 1.12 allow remote attackers to execute arbitrary SQL commands via (1) the f parameter in a showforum action (2) the u parameter in a profile action (3) the viewcat parameter or (4) a combination of scb_uid and scb_ident cookie values.

Reference

http://securityreason.com/securityalert/4739 http://www.securityfocus.com/bid/27866 https://www.exploit-db.com/exploits/5149