Intrusion Prevention

NewsBoard.Forum.PHP.SQL.Injection

Description

A SQL injection vulnerability in search.inc.php in Unclassified NewsBoard, before 1.5.3 Patch 4, allows remote attackers to execute arbitrary SQL commands via the (1) DateFrom or (2) DateUntil parameter to forum.php.

Affected Products

Unclassified NewsBoard version 1.5.3 Patch 3 and prior.

Impact

Execute arbitrary SQL commands.

Recommended Actions

Upgrade to Unclassified NewsBoard version 1.5.3 Patch 4 :
http://newsboard.unclassified.de/download

CVE References

CVE-2005-3686