CVE-2005-2059

Published: Jun 29, 2005Modified: Apr 16, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to modify settings as another user via a link or IMG tag.

Affected (1)

Products: Ubbcentral: Ubb.threads

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ubbcentral Ubb.threads	Up to 6.5.1.1

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

http://marc.info/?l=bugtraq&m=111963737202040&w=2

Source: cve@mitre.org

ExploitMailing List

http://www.gulftech.org/?node=research&article_id=00084-06232005

Source: cve@mitre.org

Broken LinkExploitPatchVendor Advisory

http://www.ubbcentral.com/boards/showflat.php/Cat/0/Number/42351/Main/42351/#Post42351

Source: cve@mitre.org

Broken LinkPatch

http://marc.info/?l=bugtraq&m=111963737202040&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing List

http://www.gulftech.org/?node=research&article_id=00084-06232005

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkExploitPatchVendor Advisory

http://www.ubbcentral.com/boards/showflat.php/Cat/0/Number/42351/Main/42351/#Post42351

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkPatch

Timeline

No history available yet.