CVE-2008-2996

Name of the Vulnerable Software and Affected Versions Gravity Board X (GBX) version 2.0 Beta

Description The issue allows remote attackers to execute arbitrary SQL commands. This is possible via the searchquery parameter in a "getsearch" action and the board id parameter in a "viewboard" action, when magic quotes gpc is disabled.

Recommendations For Gravity Board X (GBX) version 2.0 Beta, consider disabling the getsearch and viewboard actions until a patch is available, or enable magic quotes gpc to prevent SQL injection attacks. Avoid using the searchquery and board id parameters in the affected actions until the issue is resolved.