CVE-2004-2181

Name of the Vulnerable Software and Affected Versions WowBB Forum versions 1.61

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the sort by or page parameters to "view user.php", or the forum id parameter to "view topic.php".

Recommendations For WowBB Forum version 1.61, consider restricting access to the view user.php and view topic.php scripts until a patch is available. As a temporary workaround, avoid using the sort by, page, and forum id parameters in the affected API endpoints.