CVE-2005-1833

Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to calendar.php, (2) idsql parameter to online.php, (3) usersearch parameter to memberlist.php, (4) pid parameter to editpost.php, (5) fid parameter to forumdisplay.php, (6) tid parameter to newreply.php, (7) sid parameter to search.php, (8) tid or (9) pid parameter to showthread.php, (10) tid parameter to usercp2.php, (11) tid parameter to printthread.php, or (12) pid parameter to reputation.php.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.mybboard.com/community/showthread.php?tid=2559	Exploit Patch Vendor Advisory
http://secunia.com/advisories/15552	Exploit Patch Vendor Advisory
http://www.osvdb.org/17024
http://marc.info/?l=bugtraq&m=111757191118050&w=2

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:mybulletinboard:mybulletinboard:*:*:*:*:*:*:*:*

Information

Published : 2005-05-30 21:00

Updated : 2016-10-17 20:22

NVD link : CVE-2005-1833

Mitre link : CVE-2005-1833

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

mybulletinboard

mybulletinboard

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.mybboard.com/community/showthread.php?tid=2559", "name": "http://www.mybboard.com/community/showthread.php?tid=2559", "tags": ["Exploit", "Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/15552", "name": "15552", "tags": ["Exploit", "Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/17024", "name": "17024", "tags": [], "refsource": "OSVDB"}, {"url": "http://marc.info/?l=bugtraq&m=111757191118050&w=2", "name": "20050531 Multiple vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to calendar.php, (2) idsql parameter to online.php, (3) usersearch parameter to memberlist.php, (4) pid parameter to editpost.php, (5) fid parameter to forumdisplay.php, (6) tid parameter to newreply.php, (7) sid parameter to search.php, (8) tid or (9) pid parameter to showthread.php, (10) tid parameter to usercp2.php, (11) tid parameter to printthread.php, or (12) pid parameter to reputation.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-1833", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2005-05-31T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mybulletinboard:mybulletinboard:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.00_rc4"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2016-10-18T03:22Z"}