PT-2004-2463 · Broadboard · Broadboard Instant Asp Message Board
Pigrelax · Published 2004-12-31 · Updated 2017-07-11 · CVE-2004-1555
CVSS v2.0: 7.5 (High)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
BroadBoard Instant ASP Message Board (affected versions not specified)
Description
The issue concerns multiple SQL injection vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary SQL commands through specific parameters in various ASP files. The affected parameters include the keywords parameter to "search.asp", the handle parameter to "profile.asp", the txtUserHandle parameter to "reg2.asp", and the txtUserEmail parameter to "forgot.asp".
Recommendations
For BroadBoard Instant ASP Message Board, consider restricting access to the affected ASP files until a fix is available.
As a temporary workaround, avoid using the keywords parameter in "search.asp", the handle parameter in "profile.asp", the txtUserHandle parameter in "reg2.asp", and the txtUserEmail parameter in "forgot.asp" to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Related identifiers
Affected products
Broadboard Instant Asp Message Board