CVE-2005-4612

Name of the Vulnerable Software and Affected Versions VUBB alpha version rc1

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the f parameter to "viewforum.php", the t parameter to "viewtopic.php", and the view parameter to "usercp.php".

Recommendations For VUBB alpha version rc1, consider restricting access to the viewforum.php, viewtopic.php, and usercp.php scripts until a patch is available. As a temporary workaround, avoid using the f parameter in "viewforum.php", the t parameter in "viewtopic.php", and the view parameter in "usercp.php" to minimize the risk of exploitation.