cpe:/a:pd9_software:megabbs:2.2 CVE-2008-2023 2008-04-30T08:05:00.000-04:00 2017-09-28T21:30:59.240-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-05-01T20:47:00.000-04:00 ALLOWS_OTHER_ACCESS BID 28961 SECUNIA 29979 EXPLOIT-DB 5507 MISC http://www.bugreport.ir/?/37 XF megabbs-multiple-sql-injection(42044) Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) invisible and (2) timeoffset parameters to profile/controlpanel.asp and the (3) attachmentid parameter to forums/attach-file.asp.