Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4034

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2012-4034
Last Modified 13 Aug 2012 12:00:00
Published 11 Aug 2012 08:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-4034

Summary

Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to the send page, (2) email parameter to the forget page, (3) password parameter to the forum_archive page, (4) section parameter to the management page, (5) section_id parameter to the managementreply page, (6) member_id parameter to the new_password page, or (7) subjectid parameter to the tags page to index.php.

Vulnerable Systems

Application

  • Pbboard 2.1.4


References

MISC - https://www.htbridge.com/advisory/HTB23101

XF - pbboard-indexscript-sql-injection(77501)

BID - 54916

MISC - http://www.pbboard.com/forums/t10353.html

MISC - http://www.pbboard.com/forums/t10352.html

SECUNIA - 50153

OSVDB - 84480


Last Updated: 27 May 2016 10:51:39