Published: 02/07/2009 Updated: 19/09/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in affiliates.php in the Affiliation (aka Affiliates) module 1.1.0 and previous versions for PunBB allow remote malicious users to execute arbitrary SQL commands via the (1) in or (2) out parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
punres affiliates_mod
punres affiliates_mod 1.0.0

#!/usr/bin/perl #[0-Day] PunBB Affiliationsphp OUT Mod <= v11 Remote Blind SQL Injection Exploit #Coded By Dante90, WaRWolFz Crew #Bug Discovered By: Dante90 & UltraSound, WaRWolFz Crew #Product: wwwpunresorg/descphp?pid=328 use strict; use LWP::UserAgent; use HTTP::Request::Common; use Time::HiRes; use IO::Socket; my ($Hash,$ ...

CWE-89 http://secunia.com/advisories/35654 http://packetstormsecurity.org/0906-exploits/punbbaffiliations-blindsql.txt http://www.osvdb.org/55478 http://packetstormsecurity.org/0906-exploits/punbbaffiliationsin-blindsql.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/51437 http://www.exploit-db.com/exploits/9055 https://nvd.nist.gov https://www.exploit-db.com/exploits/9055/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-2308

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect