Gravity Board X Development Team » Gravity Board X : Security Vulnerabilities, CVEs,

CVE-2005-2565

Gravity Board X (GBX) 1.1 allows remote attackers to obtain sensitive information via (1) a 1 in the perm parameter to deletethread.php or a direct request to (2) ban.php, (3) addnews.php, (4) banned.php, (5) boardstats.php, (6) adminform.php, (7) /forms/admininfo.php, (8) /forms/announcements.php, (9) forms/banform.php, or (10) other pages in the /forms directory, which reveal the path in an error message.
Max CVSS
5.0
EPSS Score
0.50%
Published
2005-08-16
Updated
2017-07-11

CVE-2005-2564

Direct static code injection vulnerability in editcss.php in Gravity Board X (GBX) 1.1 allows remote attackers to execute arbitrary PHP code, HTML, and script via the csscontent parameter, which is directly inserted into the gbxfinal.css file.
Max CVSS
7.5
EPSS Score
3.56%
Published
2005-08-16
Updated
2017-07-11

CVE-2005-2563

Multiple cross-site scripting (XSS) vulnerabilities in Gravity Board X (GBX) 1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the board_id parameter to deletethread.php or (2) the template.
Max CVSS
4.3
EPSS Score
0.31%
Published
2005-08-16
Updated
2016-10-18

CVE-2005-2562

SQL injection vulnerability in Gravity Board X (GBX) 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the login field.
Max CVSS
7.5
EPSS Score
0.24%
Published
2005-08-16
Updated
2017-07-11
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close