CVE-2011-5277
published 2014-04-08CVE-2011-5277: Multiple SQL injection vulnerabilities in signature.php in the Advanced Forum Signatures (aka afsignatures) plugin 2.0.4 for MyBB allow remote attackers to…
PriorityP347high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.32%
67.3th percentile
Multiple SQL injection vulnerabilities in signature.php in the Advanced Forum Signatures (aka afsignatures) plugin 2.0.4 for MyBB allow remote attackers to execute arbitrary SQL commands via the (1) afs_type, (2) afs_background, (3) afs_showonline, (4) afs_bar_left, (5) afs_bar_center, (6) afs_full_line1, (7) afs_full_line2, (8) afs_full_line3, (9) afs_full_line4, (10) afs_full_line5, or (11) afs_full_line6 parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advanced_forum_signatures_project | advanced_forum_signatures | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Advanced Forum Signatures 2.0.4 signature.php afs_full_line6 sql injection (EDB-17961 / XFDB-70473)
vuldb·2026-05-09·CVSS 7.5
CVE-2011-5277 [HIGH] Advanced Forum Signatures 2.0.4 signature.php afs_full_line6 sql injection (EDB-17961 / XFDB-70473)
A vulnerability was found in Advanced Forum Signatures 2.0.4. It has been declared as critical. This issue affects some unknown processing of the file signature.php. Such manipulation of the argument afs_full_line6 leads to sql injection.
This vulnerability is traded as CVE-2011-5277. The attack may be launched remotely. Furthermore, there is an exploit available.
GHSA
GHSA-gg5p-5hw9-qmgj: Multiple SQL injection vulnerabilities in signature
ghsa_unreviewed·2022-05-17
CVE-2011-5277 [HIGH] CWE-89 GHSA-gg5p-5hw9-qmgj: Multiple SQL injection vulnerabilities in signature
Multiple SQL injection vulnerabilities in signature.php in the Advanced Forum Signatures (aka afsignatures) plugin 2.0.4 for MyBB allow remote attackers to execute arbitrary SQL commands via the (1) afs_type, (2) afs_background, (3) afs_showonline, (4) afs_bar_left, (5) afs_bar_center, (6) afs_full_line1, (7) afs_full_line2, (8) afs_full_line3, (9) afs_full_line4, (10) afs_full_line5, or (11) afs_full_line6 parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
No detection rules found.
No writeups or analysis indexed.
http://osvdb.org/76295http://secunia.com/advisories/46352http://www.exploit-db.com/exploits/17961http://www.securityfocus.com/bid/50051/infohttps://exchange.xforce.ibmcloud.com/vulnerabilities/70473http://osvdb.org/76295http://secunia.com/advisories/46352http://www.exploit-db.com/exploits/17961http://www.securityfocus.com/bid/50051/infohttps://exchange.xforce.ibmcloud.com/vulnerabilities/70473
2014-04-08
Published