CVE-2005-2989

Name of the Vulnerable Software and Affected Versions DeluxeBB versions 1.0 through 1.0.5

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters, including the tid parameter to "topic.php", the uid parameter to "misc.php" or "pm.php", or the fid parameter to "forums.php" or "newpost.php".

Recommendations For DeluxeBB versions 1.0 through 1.0.5, consider restricting access to the vulnerable parameters tid, uid, and fid in the respective API endpoints until a patch is available. As a temporary workaround, avoid using these parameters in the affected files "topic.php", "misc.php", "pm.php", "forums.php", and "newpost.php" to minimize the risk of exploitation.