Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3871

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-3871
Last Modified 07 Mar 2011 09:27:18
Published 29 Nov 2005 06:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3871

Summary

Multiple SQL injection vulnerabilities in Joels Bulletin board (JBB) 0.9.9rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) nr parameter in topiczeigen.php, (2) forum and (3) zeigeseite parameters in showforum.php, (4) forum parameter in newtopic.php, and (5) tidnr parameter in neuerbeitrag.php.

Vulnerable Systems

Application

  • Jbb 0.9.9 Rc3


References

VUPEN - ADV-2005-2620

BID - 15590

SECUNIA - 17727

OSVDB - 21151

OSVDB - 21150

OSVDB - 21149

OSVDB - 21148

MISC - http://pridels0.blogspot.com/2005/11/jbb-sql-inj-vuln.html


Last Updated: 27 May 2016 10:41:04