CVE-2005-2580
Published 2005-08-16
Priority P3 (37) · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.08% (79.2th percentile)
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 with Security Patch allow remote attackers to execute arbitrary SQL commands via the Username field in (1) index.php or (2) member.php, action parameter to (3) search.php or (4) member.php, or (5) polloptions parameter to polls.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mybulletinboard | mybulletinboard | — | — |
No detection rules found.
Exploit-DB
MyBulletinBoard (MyBB) RC4 - 'member.php' Multiple SQL Injections
exploitdb·2005-08-12
---
source: https://www.securityfocus.com/bid/14553/info
MyBulletinBoard is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Reports indicate an attacker can exploit at least one of these vulnerabilities to gain administrative access to the affected application.
http://www.example.com/member.php?action=login : username='[SQL INJECTION]
http://www.example.com/member.php?action='[SQL Injection]
Exploit-DB
MyBulletinBoard (MyBB) RC4 - 'Username' SQL Injection
exploitdb·2005-08-12
---
source: https://www.securityfocus.com/bid/14553/info
MyBulletinBoard is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Reports indicate an attacker can exploit at least one of these vulnerabilities to gain administrative access to the affected application.
The following proof of concept demonstrates the vulnerability in admin/index.php:
Username: ' or 1=1 /*
Password: blank
Exploit-DB
MyBulletinBoard (MyBB) RC4 - 'action' SQL Injection
exploitdb·2005-08-12
---
source: https://www.securityfocus.com/bid/14553/info
MyBulletinBoard is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Reports indicate an attacker can exploit at least one of these vulnerabilities to gain administrative access to the affected application.
http://www.example.com/search.php?action='[SQL Injection]
Exploit-DB
MyBulletinBoard (MyBB) RC4 - 'polloptions' SQL Injection
exploitdb·2005-08-12
---
source: https://www.securityfocus.com/bid/14553/info
MyBulletinBoard is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Reports indicate an attacker can exploit at least one of these vulnerabilities to gain administrative access to the affected application.
http://www.example.com/polls.php?action=newpoll&tid=1&polloptions='[SQL INJECTION]
No writeups or analysis indexed.