[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97559

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2008-2067

Date: (C)2008-05-02   (M)2017-08-08
 
CVSS Score: 7.5Access Vector: NETWORK
Exploitability Subscore: 10.0Access Complexity: LOW
Impact Subscore: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL











SQL injection vulnerability in bb_admin.php in miniBB 2.2a allows remote attackers to execute arbitrary SQL commands via the whatus parameter in a searchusers2 action. NOTE: it was later reported that other versions before 3.0.1 are also vulnerable.

Reference:
http://www.securityfocus.com/archive/1/archive/1/491375/100/0/threaded
http://seclists.org/fulldisclosure/2013/Jul/102
SECUNIA-30004
SREASON-3846
BID-61116
OSVDB-95121
http://www.minibb.com/download.php?file=minibb_update
http://www.minibb.com/forums/news-9/minibb-3.0.1-released-stable-fixed-secured-dedicated-6059.html
https://www.mavitunasecurity.com/xss-and-sql-injection-vulnerabilities-in-minibb/
minibb-bbadmin-sql-injection(42270)

CWE    1
CWE-89

© 2013 SecPod Technologies