VYPR
Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Jun 16, 2026

CVE-2004-0323

CVE-2004-0323

Description

Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to inject arbitrary SQL and gain privileges via the (1) ppp parameter in viewthread.php, (2) desc parameter in misc.php, (3) tpp parameter in forumdisplay.php, (4) ascdesc parameter in forumdisplay.php, or (5) the addon parameter in stats.php. NOTE: it has also been shown that item (3) is also in XMB 1.9 beta.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • XMB Forum/Xmb3 versions
    cpe:2.3:a:xmb_forum:xmb:1.8:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:xmb_forum:xmb:1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:xmb_forum:xmb:1.8_sp1:*:*:*:*:*:*:*
    • cpe:2.3:a:xmb_forum:xmb:1.8_sp2:*:*:*:*:*:*:*
  • XMB/XMBllm-fuzzy
    Range: <=1.9 beta

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.