CVE-2005-4139

Thwboard Beta - SQL Injection

Title source: rule
STIX 2.1

Description

Multiple SQL injection vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) year parameter in calendar.php, (2) user parameter array in v_profile.php, and (3) the userid parameter in misc.php.

Exploits (3)

exploitdb WRITEUP VERIFIED
by trueend5 · textwebappsphp
https://www.exploit-db.com/exploits/26756
exploitdb WRITEUP VERIFIED
by trueend5 · textwebappsphp
https://www.exploit-db.com/exploits/26757
exploitdb WRITEUP VERIFIED
by trueend5 · textwebappsphp
https://www.exploit-db.com/exploits/26755

References (8)

Core 8
Core References
Exploit, Patch, Vendor Advisory x_refsource_misc
http://kapda.ir/advisory-149.html
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/238
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/418837/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/21738
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/23531
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/21737
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15763
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/21739

Scores

EPSS 0.0242
EPSS Percentile 85.2%

Details

Status published
Products (1)
thwboard/thwboard_beta 2.8
Published Dec 09, 2005
Tracked Since Feb 18, 2026