Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2456

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-2456
Last Modified 05 Sep 2008 04:44:11
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2456

Summary

SQL injection vulnerability in index.php in miniBB 1.7f and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a userinfo action.

Vulnerable Systems

Application

  • Minibb 1.2

  • Minibb 1.5

  • Minibb 1.6

  • Minibb 1.7

  • Minibb 1.7a

  • Minibb 1.7c


References

XF - minibb-user-sql-injection(18080)

BID - 11688

OSVDB - 11711

SECTRACK - 1012164

CONFIRM - http://www.minibb.net/forums/index.php?action=vthread&forum=9&topic=1854

MISC - http://www.minibb.net/forums/index.php?action=vthread&forum=1&topic=1767


Last Updated: 27 May 2016 10:39:29