Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5874

Overview
Vulnerability Score 7.5 7.5
CVE Id CVE-2012-5874
Last Modified 21 Jan 2013 12:00:00
Published 11 Jan 2013 11:33:49
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-5874

Summary

Multiple SQL injection vulnerabilities in the (1) update_whosonline_reg and (2) update_whosonline_guest functions in Elite Bulletin Board before 2.1.22 allow remote attackers to execute arbitrary SQL commands via the PATH_INFO to (a) checkuser.php, (b) groups.php, (c) index.php, (d) login.php, (e) quicklogin.php, (f) register.php, (g) Search.php, (h) viewboard.php, or (i) viewtopic.php.

Vulnerable Systems

Application

  • Elite-board Elite Bulletin Board 2.0.0

  • Elite-board Elite Bulletin Board 2.0.1

  • Elite-board Elite Bulletin Board 2.0.2

  • Elite-board Elite Bulletin Board 2.0.3

  • Elite-board Elite Bulletin Board 2.1.0

  • Elite-board Elite Bulletin Board 2.1.1

  • Elite-board Elite Bulletin Board 2.1.10

  • Elite-board Elite Bulletin Board 2.1.11

  • Elite-board Elite Bulletin Board 2.1.12

  • Elite-board Elite Bulletin Board 2.1.13

  • Elite-board Elite Bulletin Board 2.1.14

  • Elite-board Elite Bulletin Board 2.1.15

  • Elite-board Elite Bulletin Board 2.1.16

  • Elite-board Elite Bulletin Board 2.1.17

  • Elite-board Elite Bulletin Board 2.1.18

  • Elite-board Elite Bulletin Board 2.1.19

  • Elite-board Elite Bulletin Board 2.1.2

  • Elite-board Elite Bulletin Board 2.1.20

  • Elite-board Elite Bulletin Board 2.1.21

  • Elite-board Elite Bulletin Board 2.1.3

  • Elite-board Elite Bulletin Board 2.1.4

  • Elite-board Elite Bulletin Board 2.1.5

  • Elite-board Elite Bulletin Board 2.1.6

  • Elite-board Elite Bulletin Board 2.1.7

  • Elite-board Elite Bulletin Board 2.1.8

  • Elite-board Elite Bulletin Board 2.1.9


References

MISC - https://www.htbridge.com/advisory/HTB23133

OSVDB - 88531

EXPLOIT-DB - 23575

SECUNIA - 51622

MISC - http://packetstormsecurity.com/files/118962/Elite-Bulletin-Board-2.1.21-SQL-Injection.html

CONFIRM - http://elite-board.us/Community/viewtopic.php?bid=1&tid=310

BUGTRAQ - 20121219 Multiple SQL Injection Vulnerabilities in Elite Bulletin Board

IT Risk Posture:

Learn More
divider


Vulnerabilities

Patches

News


Free Risk Assessment Tools

Application Scanner
Find vulnerabilities on your network.

divider

Device Scanner
Find vulnerabilities on your network.

divider

Patch Scanner
Find vulnerabilities on your network.

Last Updated: 27 May 2016 10:58:31