CVE-2008-6970

Ubbcentral Ubb.threads < 7.3.1 - SQL Injection

Title source: rule

Description

SQL injection vulnerability in dosearch.inc.php in UBB.threads 7.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the Forum[] array parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by GulfTech Security · textwebappsphp

https://www.exploit-db.com/exploits/32347

View Code ZIP pw:eip

nomisec WORKING POC

by KyomaHooin · poc

https://github.com/KyomaHooin/CVE-2008-6970

View Code ZIP pw:eip

References (6)

Core 6

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/44976

Vendor Advisory x_refsource_confirm

http://www.ubbcentral.com/forums/ubbthreads.php/topics/216722/

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/47954

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/31074

Exploit x_refsource_misc

http://www.gulftech.org/?node=research&article_id=00130-09082008

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31804

Scores

EPSS 0.0087

EPSS Percentile 75.3%

Details

CWE

CWE-89

Status published

Products (31)

ubbcentral/ubb.threads 3.4

ubbcentral/ubb.threads 3.5

ubbcentral/ubb.threads 5.0

ubbcentral/ubb.threads 5.5.1

ubbcentral/ubb.threads 6.0

ubbcentral/ubb.threads 6.0.1

ubbcentral/ubb.threads 6.0.2

ubbcentral/ubb.threads 6.0.3

ubbcentral/ubb.threads 6.1

ubbcentral/ubb.threads 6.1.1

... and 21 more

Published Aug 13, 2009

Tracked Since Feb 18, 2026