Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2004-2754
Last Modified 05 Sep 2008 04:45:01
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2754

Summary

SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions.

Vulnerable Systems

Application

  • YaBB SE 0.8

  • YaBB SE 1.1.3

  • YaBB SE 1.4.1

  • YaBB SE 1.5.0

  • YaBB SE 1.5.1

  • YaBB SE 1.5.1 RC1

  • YaBB SE 1.5.2

  • YaBB SE 1.5.3

  • YaBB SE 1.5.4


References

BID - 9449

MISC - http://sourceforge.net/project/shownotes.php?release_id=210608&group_id=57105

MISC - http://www.yabbse.org/community/index.php?thread=27122

SECTRACK - 1008764

BUGTRAQ - 20040119 Yabb SE SQL Injection

OSVDB - 3618

SREASON - 3371


Last Updated: 27 May 2016 10:39:37