
UBB.threads < 6.5.1.1 editpost.php SQL Injection

High

Synopsis

The remote host is vulnerable to a SQL injection attack.

Description

The remote host is running a version of UBB.threads that fails to sufficiently sanitize the 'Number' parameter of the editpost.php script before using it in SQL queries. As a result, a remote attacker can pass malicious input to database queries, potentially resulting in data exposure, modification of the query logic, data modification, or attacks against the database itself.
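For defenders reviewing web server logs on an affected host, the following added example (not part of the original advisory and not UBB.threads code) flags requests to editpost.php whose 'Number' query parameter is not a plain decimal integer. It assumes a combined-format access log and that a legitimate 'Number' value is a numeric post identifier; the log lines, addresses and the /ubbthreads/ path are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample entries; paths and addresses are illustrative only.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2005:10:00:00 +0000] "GET /ubbthreads/editpost.php?Number=1042 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2005:10:00:05 +0000] "GET /ubbthreads/editpost.php?Number=1042%27 HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Jan/2005:10:00:09 +0000] "GET /ubbthreads/editpost.php?Number=10%2042 HTTP/1.1" 200 312',
    '203.0.113.4 - - [01/Jan/2005:10:01:00 +0000] "GET /ubbthreads/other.php?Number=abc HTTP/1.1" 200 900',
]


def suspicious_number(url):
    """Return the decoded 'Number' value when the request targets
    editpost.php and the value is not purely digits, else None."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/editpost.php"):
        return None
    # parse_qs percent-decodes values, so encoded quotes/spaces are seen.
    values = parse_qs(parts.query, keep_blank_values=True).get("Number", [])
    for value in values:
        # Assumption: a legitimate Number is a short decimal post id.
        if not re.fullmatch(r"[0-9]{1,10}", value):
            return value
    return None


def scan(lines):
    """Return (line_number, client_ip, decoded_value) for flagged entries."""
    hits = []
    for n, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        bad = suspicious_number(match.group(1))
        if bad is not None:
            hits.append((n, line.split(" ", 1)[0], bad))
    return hits


if __name__ == "__main__":
    for line_no, client, value in scan(SAMPLE_LOG):
        print(f"line {line_no}: {client} sent non-numeric Number={value!r}")
```

Access logs record only the query string, so values submitted in a POST body are not covered by this check.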

Solution

Upgrade to UBB.threads version 6.5.1.1 or higher.