CVE-2004-2181
published 2004-12-31CVE-2004-2181: Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow remote attackers to execute arbitrary SQL commands via the (1) sort_by or (2) page parameters…
PriorityP336high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.15%
62.9th percentile
Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow remote attackers to execute arbitrary SQL commands via the (1) sort_by or (2) page parameters to view_user.php, or the (3) forum_id parameter to view_topic.php. NOTE: the sort_by vector was later reported to be present in WowBB 1.65.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wowbb | wowbb | — | — |
| wowbb | wowbb_web_forum | — | — |
| wowbb | wowbb_web_forum | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-v82c-4hvx-qp92: SQL injection vulnerability in WowBB 1
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2005-4431 [HIGH] GHSA-v82c-4hvx-qp92: SQL injection vulnerability in WowBB 1
SQL injection vulnerability in WowBB 1.65 allows remote attackers to execute arbitrary SQL commands via the q parameter to search.php. NOTE: the view_user.php/sort_by vector is already covered by CVE-2005-1554 and CVE-2004-2181.
GHSA
GHSA-4885-7gpq-c6h2: Multiple SQL injection vulnerabilities in WowBB Forum 1
ghsa_unreviewed·2022-04-29
CVE-2004-2181 [HIGH] GHSA-4885-7gpq-c6h2: Multiple SQL injection vulnerabilities in WowBB Forum 1
Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow remote attackers to execute arbitrary SQL commands via the (1) sort_by or (2) page parameters to view_user.php, or the (3) forum_id parameter to view_topic.php. NOTE: the sort_by vector was later reported to be present in WowBB 1.65.
No detection rules found.
No writeups or analysis indexed.
2004-12-31
Published