Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1833

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-1833
Last Modified 16 Jul 2013 10:47:40
Published 31 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-1833

Summary

Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to calendar.php, (2) idsql parameter to online.php, (3) usersearch parameter to memberlist.php, (4) pid parameter to editpost.php, (5) fid parameter to forumdisplay.php, (6) tid parameter to newreply.php, (7) sid parameter to search.php, (8) tid or (9) pid parameter to showthread.php, (10) tid parameter to usercp2.php, (11) tid parameter to printthread.php, or (12) pid parameter to reputation.php.

Vulnerable Systems

Application

  • Mybulletinboard 1.00 Rc4


References

CONFIRM - http://www.mybboard.com/community/showthread.php?tid=2559

SECUNIA - 15552

BUGTRAQ - 20050531 Multiple vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4

OSVDB - 17024


Last Updated: 27 May 2016 10:40:18