Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2067

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-2067
Last Modified 31 Jul 2013 10:34:34
Published 02 May 2008 07:20:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2067

Summary

SQL injection vulnerability in bb_admin.php in miniBB 2.2a allows remote attackers to execute arbitrary SQL commands via the whatus parameter in a searchusers2 action. NOTE: it was later reported that other versions before 3.0.1 are also vulnerable.

Vulnerable Systems

Application

  • Minibb 2.2a


References

BUGTRAQ - 20080428 Minibb 2.2a XSS Vulnerability

SREASON - 3846

SECUNIA - 30004

XF - minibb-bbadmin-sql-injection(42270)

MISC - https://www.mavitunasecurity.com/xss-and-sql-injection-vulnerabilities-in-minibb/

BID - 61116

CONFIRM - http://www.minibb.com/forums/news-9/minibb-3.0.1-released-stable-fixed-secured-dedicated-6059.html

CONFIRM - http://www.minibb.com/download.php?file=minibb_update

FULLDISC - 20130711 XSS and SQL Injection Vulnerabilities in MiniBB

OSVDB - 95121


Last Updated: 27 May 2016 11:02:42