PT-2005-4658 · OvBB
Published 2005-11-30 · Updated 2024-08-08 · CVE-2005-3918
CVSS v2.0: 7.5 (High)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
OvBB version 0.08a
Description
The issue allows remote attackers to execute arbitrary SQL commands via the threadid parameter to "thread.php" and the userid parameter to "profile.php". The vendor has disputed these reports, stating they are unsubstantial.
Recommendations
For OvBB version 0.08a, consider restricting access to the "thread.php" and "profile.php" scripts until a patch is available. As a temporary workaround, avoid using the threadid and userid parameters in the affected API endpoints.
Affected Products
OvBB