Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2004-1966
Last Modified 05 Sep 2008 04:42:49
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1966

Summary

Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter in board.php, (2) sortorder, perpage, or id parameters in member.php, (3) forums parameter in search.php, or (4) PID or FID parameters in post.php.

Vulnerable Systems

Application

  • Openbb 1.0.0 Beta1

  • Openbb 1.0.0 Rc1

  • Openbb 1.0.0 Rc2

  • Openbb 1.0.0 Rc3

  • Openbb 1.0.5

  • Openbb 1.0.6

  • Openbb 1.0.8


References

XF - openbb-multiplescripts-sql-injection(15964)

BID - 10214

SECTRACK - 1009935

SECUNIA - 11481

BUGTRAQ - 20040425 Multiple Vulnerabilities In OpenBB


Last Updated: 27 May 2016 10:39:16