UBB.threads contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search function not properly sanitizing user-supplied input to the Forum[] arry. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

Upgrade to version 6.5.2 beta or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Security Tracker: 1014285
• Secunia Advisory ID: 15805
• Related OSVDB ID: 17512 17517 17518 17521 17525 17526 17527 17528 17529 17530 17531 17532 17533
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-06/0213.html
• Other Advisory URL: http://www.gulftech.org/?node=research&article_id=00084-06232005
• Vendor Specific Solution URL: http://www.ubbcentral.com/boards/showflat.php/Cat/0/Number/42351/Main/42351/#Post42351
• Vendor URL: http://www.ubbcentral.com/ubbthreads/

• James Bercegay - securitygulftech.org - GulfTech Security Research

NVD does not currently have a CVSSv2 score assigned.