CVE-2004-0323
published 2004-12-31CVE-2004-0323: Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to inject arbitrary SQL and gain privileges via the (1) ppp parameter in…
PriorityP339high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
4.13%
89.6th percentile
Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to inject arbitrary SQL and gain privileges via the (1) ppp parameter in viewthread.php, (2) desc parameter in misc.php, (3) tpp parameter in forumdisplay.php, (4) ascdesc parameter in forumdisplay.php, or (5) the addon parameter in stats.php. NOTE: it has also been shown that item (3) is also in XMB 1.9 beta.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xmb_forum | xmb | — | — |
| xmb_forum | xmb | — | — |
| xmb_forum | xmb | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2004-02/0645.htmlhttp://archives.neohapsis.com/archives/bugtraq/2004-03/0265.htmlhttp://marc.info/?l=bugtraq&m=107756526625179&w=2http://www.securityfocus.com/bid/9726http://www.xmbforum.com/community/boards/viewthread.php?tid=746859https://docs.xmbforum2.com/index.php?title=Security_Issue_Historyhttps://exchange.xforce.ibmcloud.com/vulnerabilities/15295http://archives.neohapsis.com/archives/bugtraq/2004-02/0645.htmlhttp://archives.neohapsis.com/archives/bugtraq/2004-03/0265.htmlhttp://marc.info/?l=bugtraq&m=107756526625179&w=2http://www.securityfocus.com/bid/9726http://www.xmbforum.com/community/boards/viewthread.php?tid=746859https://docs.xmbforum2.com/index.php?title=Security_Issue_Historyhttps://exchange.xforce.ibmcloud.com/vulnerabilities/15295
2004-12-31
Published