CVE-2005-2004

Name of the Vulnerable Software and Affected Versions Ultimate PHP Board (UPB) versions 1.9.6 GOLD and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML via several parameters in different PHP files, including the ref parameter to "login.php", id or page parameter to "viewtopic.php", id parameter to "profile.php", "newpost.php", "email.php", "icq.php", or "aol.php", t id parameter to "newpost.php", ref parameter to "getpass.php", or sText parameter to "search.php".

Recommendations For Ultimate PHP Board (UPB) versions 1.9.6 GOLD and earlier, consider disabling the affected parameters, such as ref, id, page, t id, and sText, in the respective PHP files until a patch is available. Restrict access to the vulnerable PHP files, including "login.php", "viewtopic.php", "profile.php", "newpost.php", "email.php", "icq.php", "aol.php", "getpass.php", and "search.php", to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.