UBB.threads < 220.127.116.11 editpost.php SQL Injection
High Nessus Network Monitor Plugin ID 2699
Synopsis: The remote host is vulnerable to a SQL injection attack.
Description: The remote host is running a version of UBB.threads that fails to sufficiently sanitize the 'Number' parameter before using it in SQL queries in the editpost.php script. As a result, a remote attacker can pass malicious input to database queries, potentially resulting in data exposure, modification of the query logic, or even data modification or attacks against the database itself.
Solution: Upgrade to UBB.threads version 18.104.22.168 or higher.