CVE-2005-2059

MEDIUM

UBB.Threads < 6.5.1.1 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to modify settings as another user via a link or IMG tag.

References (3)

Core 3
Core References
Broken Link, Exploit, Patch, Vendor Advisory x_refsource_misc
http://www.gulftech.org/?node=research&article_id=00084-06232005
Exploit, Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111963737202040&w=2

Scores

CVSS v3 6.5
EPSS 0.0096
EPSS Percentile 57.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE
CWE-352
Status published
Products (1)
ubbcentral/ubb.threads < 6.5.1.1
Published Jun 29, 2005
Tracked Since Feb 18, 2026