CVE-2004-2754

Published: 31/12/2004 Updated: 05/09/2008
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions prior to 1.5.5 allows remote malicious users to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions.

Vulnerable Product

yabb yabb se 0.8

yabb yabb se 1.1.3

yabb yabb se 1.4.1

yabb yabb se 1.5.3

yabb yabb se 1.5.4

yabb yabb se 1.5.1

yabb yabb se 1.5.2

yabb yabb se 1.5.0

yabb yabb se 1.5.1_rc1

Exploits

source: www.securityfocus.com/bid/9449/info

A problem with YaBB SE could make it possible for a remote user to launch SQL injection attacks. It has been reported that a problem exists in the SSI.php script distributed as part of YaBB SE. Due to insufficient sanitizing of user-supplied URI parameters, it is possible for a remote user to inject ...