CyberSec.Space Logo
Back to CVE Browser

CVE-2005-1615

HIGH
7.5
CVSS Severity Score
EPSS Score0.1710%
EPSS Percentile27.59th
PublishedMay 16, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 may allow remote attackers to read sensitive data via the postorder parameter, which is not properly handled by textdb.inc.php, possibly due to a SQL injection vulnerability.

Affected Platforms (CPE)

πŸ“¦
Ultimate Php Board

Ultimate Php Board

= 1.8
πŸ“¦
Ultimate Php Board

Ultimate Php Board

= 1.8.2
πŸ“¦
Ultimate Php Board

Ultimate Php Board

= 1.9
πŸ“¦
Ultimate Php Board

Ultimate Php Board

= 1.9.6

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=111600262424876&w=2
πŸ”— http://www.securityfocus.com/bid/13622
πŸ”— http://marc.info/?l=bugtraq&m=111600262424876&w=2
πŸ”— http://www.securityfocus.com/bid/13622

Related Vulnerabilities

CVE-2006-320310.0

The installation of Ultimate PHP Board (UPB) 1.9.6 and earlier includes a default administrator login account and password, which ...

CVE-2002-18209.8

register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an administrative account Admin with a capital "A," but allows a remote...

CVE-2005-16167.5

viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to obtain sensitive information via an invalid...

CVE-2003-03957.5

Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute arbitrary PHP code with UPB administrator privileges via an HTTP r...