CVE-2005-3259

Name of the Vulnerable Software and Affected Versions versatileBulletinBoard (vBB) version 1.0.0 RC2

Description The issue allows remote attackers to execute arbitrary SQL commands and bypass authentication. This can be achieved through various features, including the login field, "search this thread" feature, "search for posts" feature, "forgot password" feature, and specific parameters in userlistpre.php and index.php, such as the list parameter, and the select, categ, and to parameters.

Recommendations For version 1.0.0 RC2, consider disabling the vulnerable features, including the login field, "search this thread" feature, "search for posts" feature, "forgot password" feature, and restrict access to the list parameter in userlistpre.php and the select, categ, and to parameters in index.php until a patch is available. Avoid using these parameters in the affected API endpoints until the issue is resolved.