CVE-2005-2989

DeluxeBB 1.0-1.0.5 - SQL Injection

Title source: llm

Description

Multiple SQL injection vulnerabilities in DeluxeBB 1.0 and 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter to topic.php, the uid parameter to (2) misc.php or (3) pm.php, or the fid parameter to (3) forums.php or (4) newpost.php.

Exploits (5)

exploitdb WRITEUP VERIFIED

by abducter · textwebappsphp

https://www.exploit-db.com/exploits/26264

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by abducter · textwebappsphp

https://www.exploit-db.com/exploits/26267

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by abducter · textwebappsphp

https://www.exploit-db.com/exploits/26268

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by abducter · textwebappsphp

https://www.exploit-db.com/exploits/26265

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by abducter · textwebappsphp

https://www.exploit-db.com/exploits/26266

View Code ZIP pw:eip

References (3)

Core 3

Core References

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2005/1752

Exploit, Patch, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/16819

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/14851

Scores

EPSS 0.0054

EPSS Percentile 67.7%

Details

Status published

Products (2)

deluxebb/deluxebb 1.0

deluxebb/deluxebb 1.05

Published Sep 20, 2005

Tracked Since Feb 18, 2026