header-logo
Suggest Exploit
vendor:
UBB.threads
by:
Unknown
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: UBB.threads
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: Unknown
Related CWE: Unknown
CPE: a:ubbcentral:ubb.threads
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

UBBCentral UBB.threads SQL Injection Vulnerability

The UBBCentral UBB.threads application is prone to an SQL injection vulnerability due to a failure in validating user-supplied URI input. A malicious user can exploit this vulnerability to manipulate database queries and potentially access or modify sensitive information.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize and validate user input before using it in database queries. Additionally, implementing parameterized queries or prepared statements can help prevent SQL injection attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11502/info

It is reported that UBBCentral UBB.threads is prone to an SQL injection vulnerability. This issue is due to a failure of the application to properly validate user supplied URI input.

Because of this, a malicious user may influence database queries in order to view or modify sensitive information, potentially compromising the software or the database.

www.example.com/dosearch.php?Name=' OR U_Password='db5c82346d770f48bdd8929094c0c695 
OR 
www.example.com/dosearch.php?Name=' OR U_Password='db5c82346d770f48bdd8929094c0c695'/*