CVE-2005-2058

Name of the Vulnerable Software and Affected Versions: Infopop UBB.Threads versions prior to 6.5.2 Beta

Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via various parameters to different API endpoints, such as the Number parameter to "download.php", "modifypost.php", "mailthread.php", or "notifymod.php", the month or year parameter to "calendar.php", the message parameter to "viewmessage.php", the main parameter to "addfav.php", or the posted parameter to "grabnext.php".

Recommendations: For Infopop UBB.Threads versions prior to 6.5.2 Beta, update to version 6.5.2 Beta or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable API endpoints until a patch is available. Avoid using the vulnerable parameters, such as Number, month, year, message, main, and posted, in the affected API endpoints until the issue is resolved.