Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2012-1603
Last Modified 02 Oct 2012 04:05:33
Published 01 Oct 2012 07:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-1603

Summary

Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0.6 allow remote attackers to execute arbitrary SQL commands via the (1) curstr parameter in the findUsers function, (2) id parameter in the isIdAvailable function, or (3) username parameter in the getGreetings function.

Vulnerable Systems

Application

  • NextBBS 0.6


References

MISC - http://www.waraxe.us/advisory-80.html

BID - 52728

OSVDB - 80637

MLIST - [oss-security] 20120329 Re: CVE-request: NextBBS 0.6.0 waraxe-2012-SA#080

MLIST - [oss-security] 20120329 CVE-request: NextBBS 0.6.0 waraxe-2012-SA#080

MISC - http://packetstormsecurity.org/files/111250/NextBBS-0.6.0-Authentication-Bypass-SQL-Injection-XSS.html

BUGTRAQ - 20120327 [waraxe-2012-SA#080] - Multiple Vulnerabilities in NextBBS 0.6.0


Last Updated: 27 May 2016 11:00:49