Summary
The remote host is running Ultimate PHP Board (UPB).
The remote version of this software is vulnerable to cross-site scripting attacks, and SQL injection flaws.
Using a specially crafted URL, an attacker may execute arbitrary commands against the remote SQL database or use the remote server to set up a cross site scripting attack.
Solution
Upgrade to version 1.9.7 or newer.
Severity
Classification
-
CVE CVE-2005-1614, CVE-2005-1615 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- AV Arcade 'ava_code' Cookie Parameter SQL Injection Vulnerability
- Adobe ColdFusion Directory Traversal Vulnerability
- ActualAnalyzer Lite 'ant' Cookie Parameter Remote Command Execution Vulnerability
- 'research_display.php' SQL Injection Vulnerability
- AWStats Totals 'sort' Parameter Remote Command Execution Vulnerabilities