cpe:/a:musicbox:musicbox:2.3 CVE-2005-4500 2005-12-22T16:03:00.000-05:00 2017-07-19T21:29:16.503-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2005-12-22T16:42:00.000-05:00 ALLOWS_OTHER_ACCESS BID 16030 SECUNIA 18369 BUGTRAQ 20060324 XSS & SQL Injection in Music Box v2.3 OSVDB 22272 VUPEN ADV-2006-0124 XF musicbox-show-type-sql-injection(24055) SQL injection vulnerability in MusicBox 2.3 allows remote attackers to execute arbitrary SQL commands via the (1) show and (2) type parameter. NOTE: the provenance of this information is unknown, although it was later rediscovered.