PT-2005-1694 · Projectbb · Projectbb
Benjilenoob · Published 2005-03-04 · Updated 2017-07-11
CVE-2005-0651
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
ProjectBB version 0.4.5.1
Description
The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via various parameters and fields, including the liste or desc parameters to "divers.php", the search feature text area, the post name in the post creation feature, the City, Homepage, ICQ, AOL, Yahoo!, MSN, or e-mail fields in the profile feature, and the new field in the moderator section.
Recommendations
For ProjectBB version 0.4.5.1, as a temporary workaround, consider restricting access to the "divers.php" endpoint and limiting user input in the search feature, post creation, profile, and moderator sections to minimize the risk of exploitation. Avoid using the liste and desc parameters in the "divers.php" endpoint until the issue is resolved. Additionally, restrict user input in the City, Homepage, ICQ, AOL, Yahoo!, MSN, e-mail, and new fields. At the moment, there is no information about a newer version that contains a fix for this issue.
Exploit
Fix
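As an added illustration, not code from ProjectBB or from this advisory, the following block shows the contrast the recommendations above rely on: a search query assembled by string concatenation next to the same query with a bound parameter, plus allowlist parsing for an id-style parameter such as liste. The posts table, its rows, the function names and the review string are constructed for this example and use an in-memory SQLite database; ProjectBB's real schema and code are not known from the page.

```python
import re
import sqlite3


def make_db():
    """Constructed sample data: a tiny stand-in for a forum's posts table (not ProjectBB's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, hidden INTEGER)")
    conn.executemany(
        "INSERT INTO posts VALUES (?, ?, ?)",
        [(1, "Welcome", 0), (2, "Moderator notes", 1), (3, "Release plans", 1)],
    )
    return conn


def search_vulnerable(conn, text):
    # Assumed vulnerable pattern: user text is spliced into the SQL string, so a
    # quote in the input ends the literal and the rest is parsed as SQL.
    sql = "SELECT id, title FROM posts WHERE hidden = 0 AND title LIKE '%" + text + "%'"
    return conn.execute(sql).fetchall()


def search_hardened(conn, text):
    # Parameterized query: the input travels as a bound value, never as SQL text,
    # so quotes and comment markers inside it remain literal characters.
    sql = "SELECT id, title FROM posts WHERE hidden = 0 AND title LIKE ?"
    return conn.execute(sql, ("%" + text + "%",)).fetchall()


def parse_list_id(raw):
    # Allowlist validation for an id-style parameter such as `liste`: accept only a
    # short run of ASCII digits and hand the rest of the code an int, else None.
    if re.fullmatch(r"[0-9]{1,9}", raw) is None:
        return None
    return int(raw)


# Constructed review string: a tautology followed by a comment marker, used only to
# confirm that the hardened query treats it as plain text.
TAUTOLOGY = "x' OR 1=1 --"

if __name__ == "__main__":
    db = make_db()
    print(search_vulnerable(db, TAUTOLOGY))  # every row, hidden ones included
    print(search_hardened(db, TAUTOLOGY))    # []
    print(parse_list_id("42"), parse_list_id("1 OR 1=1"))  # 42 None
```

The concatenated version returns the hidden rows because the injected text rewrites the WHERE clause; the bound version returns nothing because no title contains the review string. Validating id-style parameters before they reach any query is the second half of the workaround: a value that is not a short digit string is rejected outright rather than quoted or escaped.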
Affected Products
Projectbb