CVE-2004-1966
Published 2004-12-31
Priority: P4 (34), high, 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.34% (67.7th percentile)
Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter in board.php, (2) sortorder, perpage, or id parameters in member.php, (3) forums parameter in search.php, or (4) PID or FID parameters in post.php.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openbb | openbb | — | — |
| openbb | openbb | — | — |
| openbb | openbb | — | — |
| openbb | openbb | — | — |
| openbb | openbb | — | — |
| openbb | openbb | — | — |
| openbb | openbb | — | — |
No detection rules found.
Exploit-DB
OpenBB 1.0.x - 'board.php?FID' SQL Injection
exploitdb·2004-04-26
---
source: https://www.securityfocus.com/bid/10214/info
It has been reported that OpenBB is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input.
The SQL issues may allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information such as the administrator password hash or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.
The cross-site scripting issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were followed
Exploit-DB
OpenBB 1.0.x - 'search.php?q' SQL Injection
exploitdb·2004-04-26
---
source: https://www.securityfocus.com/bid/10214/info
Exploit-DB
OpenBB 1.0.x - 'post.php' Multiple SQL Injections
exploitdb·2004-04-26
---
source: https://www.securityfocus.com/bid/10214/info
Exploit-DB
OpenBB 1.0.x - 'member.php' Multiple SQL Injections
exploitdb·2004-04-26
---
source: https://www.securityfocus.com/bid/10214/info
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=108301983206107&w=2
http://secunia.com/advisories/11481
http://securitytracker.com/id?1009935
http://www.securityfocus.com/bid/10214
https://exchange.xforce.ibmcloud.com/vulnerabilities/15964