MidnightBSD

Advisories for thwboard

CVE-2003-1185 HIGH

Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 allow remote attackers to inject arbitrary SQL commands via various vectors including (1) Admin-Center, (2) Announcements, (3) admin/calendar.php, and (4) showevent.php.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
thwboard thwboard 2.81_beta
thwboard thwboard 2.8_beta
CVE-2004-1779 MEDIUM

Cross-site scripting (XSS) vulnerability in board.php for ThWboard before beta 2.84 allows remote attackers to inject arbitrary web script or HTML via the lastvisited parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
thwboard thwboard_beta 2.81
thwboard thwboard_beta 2.8
thwboard thwboard_beta 2.82
thwboard thwboard_beta 2.83
CVE-2005-4139 HIGH

Multiple SQL injection vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) year parameter in calendar.php, (2) user parameter array in v_profile.php, and (3) the userid parameter in misc.php.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
thwboard thwboard_beta 2.8
CVE-2006-1926 MEDIUM

SQL injection vulnerability in showtopic.php in ThWboard 2.84 beta 3 and earlier allows remote attackers to execute arbitrary SQL commands via the pagenum parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
thwboard thwboard 2.83_beta
thwboard thwboard 2.81_beta
thwboard thwboard 2.84_beta_3
thwboard thwboard 2.8_beta
thwboard thwboard 2.82_beta
CVE-2006-2037 MEDIUM

Cross-site scripting (XSS) vulnerability in index.php in Thwboard 3.0 Beta 2.84 allows remote attackers to inject arbitrary web script or HTML via the navpath parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
thwboard thwboard 3.0_beta_2.84