Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable admin UI (AV:N, AC:L), but Members Control Panel access requires high-privilege authentication (PR:H); blind SQLi yields full DB read/write (C:H/I:H) with limited availability impact (A:L).
Primary rating from Vendor (CERT-PL).
CVSS VectorVendor: CERT-PL
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
UBB.threads is vulnerable to Blind SQL Injection, allowing attackers with access to the Members in Control Panel to interact with the underlying database. Due to insufficient input sanitization, an attacker can extract sensitive information, such as user credentials, by manipulating SQL queries through time-based or boolean-based techniques. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 7.7.5 but may also affect other versions.
AnalysisAI
Authenticated blind SQL injection in UBB.threads forum software version 7.7.5 (and likely other versions) allows administrators with access to the Members section of the Control Panel to extract arbitrary database contents, including user credentials, via time-based or boolean-based SQLi techniques. Reported by CERT-PL after unsuccessful vendor contact, with no public exploit identified at time of analysis and no vendor-released patch.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Attacker must already be authenticated to the UBB.threads Control Panel with privileges sufficient to reach the Members management interface (PR:H in the CVSS 4.0 vector) - this is an administrative area, not a public forum page, so anonymous internet attackers cannot reach the sink directly. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L) realistically captures the risk: network reachable and low complexity, but PR:H meaningfully constrains who can actually exploit it - only users already holding Control Panel / Members-management privileges. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A disgruntled or compromised forum administrator with Members-area access opens the Members section of the Control Panel, intercepts a search or management request, and feeds time-based payloads through a tool like sqlmap into the vulnerable parameter to dump the users table - including password hashes and email addresses - character-by-character from response delays. Those hashes are then cracked offline and reused against the same admin's other staff to escalate control of the forum, or sold; no public exploit is currently identified, but the bug class is trivially weaponizable with off-the-shelf tooling. |
| Remediation | No vendor-released patch identified at time of analysis, since CERT-PL reports vendor contact attempts were unsuccessful; monitor https://www.ubbcentral.com/ and the CERT-PL advisory at https://cert.pl/en/posts/2026/06/CVE-2026-54219 for an updated build beyond 7.7.5. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all systems running UBB.threads forum software and confirm which versions are deployed, prioritizing identification of version 7.7.5 installations. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Ubb Threads
View allCross-site scripting (XSS) vulnerability in forums/ubbthreads.php in UBB.threads 7.5.6 and earlier allows remote attacke
Remote code execution in UBB.threads forum software (version 7.7.5 confirmed) is achievable by authenticated users holdi
Cross-site request forgery in UBB.threads forum software version 7.7.5 (and potentially earlier versions) allows remote
Database-resource exhaustion in UBB.threads forum software (confirmed in version 7.7.5) allows an authenticated low-priv
Reflected XSS in UBB.threads 7.7.5 enables remote attackers to execute arbitrary JavaScript in a victim's browser by tri
Stored XSS in UBB.threads 7.7.5 permits low-privileged forum members to permanently inject arbitrary JavaScript into pos
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37885
GHSA-wqx8-qrc6-2wpv