Published: 31/12/2004 Updated: 29/04/2021

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remote malicious users to inject arbitrary SQL and gain privileges via the (1) ppp parameter in viewthread.php, (2) desc parameter in misc.php, (3) tpp parameter in forumdisplay.php, (4) ascdesc parameter in forumdisplay.php, or (5) the addon parameter in stats.php. NOTE: it has also been shown that item (3) is also in XMB 1.9 beta.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xmb forum xmb 1.8_sp1
xmb forum xmb 1.8_sp2
xmb forum xmb 1.8

source: wwwsecurityfocuscom/bid/9726/info XMB Forum has been reported prone to multiple cross-site scripting, HTML injection and SQL injection vulnerabilities The issues present themselves due to insufficient sanitization of remote user supplied data An attacker may exploit any one of these vulnerabilities to execute arbitrary script ...

NVD-CWE-Other http://www.securityfocus.com/bid/9726 http://archives.neohapsis.com/archives/bugtraq/2004-02/0645.html http://www.xmbforum.com/community/boards/viewthread.php?tid=746859 http://archives.neohapsis.com/archives/bugtraq/2004-03/0265.html http://marc.info/?l=bugtraq&m=107756526625179&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/15295 https://docs.xmbforum2.com/index.php?title=Security_Issue_History https://nvd.nist.gov https://www.exploit-db.com/exploits/23748/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2004-0323

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect