cpe:/a:deluxebb:deluxebb:1.0 cpe:/a:deluxebb:deluxebb:1.1 cpe:/a:deluxebb:deluxebb:1.2 cpe:/a:deluxebb:deluxebb:1.3 cpe:/a:deluxebb:deluxebb:1.05 cpe:/a:deluxebb:deluxebb:1.06 cpe:/a:deluxebb:deluxebb:1.07 cpe:/a:deluxebb:deluxebb:1.08 cpe:/a:deluxebb:deluxebb:1.09 CVE-2010-4151 2010-11-03T16:00:02.687-04:00 2017-08-16T21:33:07.367-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-11-04T10:26:00.000-04:00 BUGTRAQ 20101019 SQL injection in DeluxeBB SECUNIA 41918 BID 44259 XF deluxebb-xthedateformat-sql-injection(62660) MISC http://packetstormsecurity.org/1010-exploits/deluxebb13x-sql.txt CONFIRM http://www.deluxebb.com/community/topic.php?tid=993 MISC http://www.htbridge.ch/advisory/sql_injection_in_deluxebb.html SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.