Ubb · Ubb.Threads · CVE-2004-1622
**Name of the Vulnerable Software and Affected Versions**
UBB.threads versions 3.4.x
**Description**
The issue allows remote attackers to execute arbitrary SQL statements. This is achieved via the `Name` parameter in the "dosearch.php" endpoint.
**Recommendations**
For UBB.threads versions 3.4.x, update to a version that fixes this issue to prevent the execution of arbitrary SQL statements.