CVE-2012-4034

Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to the send page, (2) email parameter to the forget page, (3) password parameter to the forum_archive page, (4) section parameter to the management page, (5) section_id parameter to the managementreply page, (6) member_id parameter to the new_password page, or (7) subjectid parameter to the tags page to index.php.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.pbboard.com/forums/t10352.html
http://www.pbboard.com/forums/t10353.html	Vendor Advisory
http://www.securityfocus.com/bid/54916	Exploit
http://secunia.com/advisories/50153	Vendor Advisory
http://osvdb.org/84480
https://www.htbridge.com/advisory/HTB23101	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/77501

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:pbboard:pbboard:2.1.4:*:*:*:*:*:*:*

Information

Published : 2012-08-11 17:55

Updated : 2017-08-28 18:32

NVD link : CVE-2012-4034

Mitre link : CVE-2012-4034

JSON object : View

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Advertisement

Products Affected

pbboard

pbboard

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.pbboard.com/forums/t10352.html", "name": "http://www.pbboard.com/forums/t10352.html", "tags": [], "refsource": "MISC"}, {"url": "http://www.pbboard.com/forums/t10353.html", "name": "http://www.pbboard.com/forums/t10353.html", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/54916", "name": "54916", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/50153", "name": "50153", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://osvdb.org/84480", "name": "84480", "tags": [], "refsource": "OSVDB"}, {"url": "https://www.htbridge.com/advisory/HTB23101", "name": "https://www.htbridge.com/advisory/HTB23101", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77501", "name": "pbboard-indexscript-sql-injection(77501)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to the send page, (2) email parameter to the forget page, (3) password parameter to the forum_archive page, (4) section parameter to the management page, (5) section_id parameter to the managementreply page, (6) member_id parameter to the new_password page, or (7) subjectid parameter to the tags page to index.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-89"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2012-4034", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2012-08-12T00:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:pbboard:pbboard:2.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-29T01:32Z"}