CVE-2008-3718

Name of the Vulnerable Software and Affected Versions cyberBB version 0.6

Description The issue allows remote authenticated users to execute arbitrary SQL commands. This is possible via the id parameter to "show topic.php" and the user parameter to "profile.php".

Recommendations For cyberBB version 0.6, consider restricting access to the show topic.php and profile.php scripts until a patch is available. As a temporary workaround, avoid using the id parameter in "show topic.php" and the user parameter in "profile.php" to minimize the risk of exploitation.