Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 01/07/2009 Updated: 19/09/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SQL injection vulnerability in voteforus.php in the Vote For Us extension 1.0.1 and previous versions for PunBB allows remote malicious users to execute arbitrary SQL commands via the out parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
biglle vote_for_us_extension 1.0
biglle vote_for_us_extension

#!/usr/bin/perl #[0-Day] PunBB VoteForUsphp OUT Mod <= v101 Remote Blind SQL Injection Exploit #Coded By Dante90, WaRWolFz Crew #Bug Discovered By: Dante90, WaRWolFz Crew #Download: wwwpunresorg/descphp?pid=378 use strict; use LWP::UserAgent; use HTTP::Request::Common; use Time::HiRes; use IO::Socket; my ($Hash,$Time,$Time_Start, ...

CWE-89 http://www.exploit-db.com/exploits/9058 https://nvd.nist.gov https://www.exploit-db.com/exploits/9058/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-2276

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect