7.5
CVSSv2

CVE-2014-9254

Published: 31/12/2014 Updated: 21/11/2024

Vulnerability Summary

bb_func_unsub.php in MiniBB 3.1 prior to 20141127 uses an incorrect regular expression, which allows remote malicious users to conduct SQl injection attacks via the code parameter in an unsubscribe action to index.php.

Vulnerable Product Search on Vulmon Subscribe to Product

minibb minibb

Exploits

# Exploit Title: miniBB 31 Blind SQL Injection # Date: 23-11-2014 # Software Link: wwwminibbcom/ # Exploit Author: Kacper Szurek # Contact: twittercom/KacperSzurek # Website: securityszurekpl/ # CVE: CVE-2014-9254 # Category: webapps 1 Description preg_match() only check if $_GET['code'] contains at least one letter ...
miniBB version 31 suffers from a remote blind SQL injection vulnerability ...