Main Vulnerability Database Vulnerabilities #VU12709

#VU12709 SQL injection in 427BB - CVE-2006-0154

Published: May 14, 2018 / Updated: September 14, 2018

Vulnerability identifier: #VU12709

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2006-0154

CWE-ID: CWE-89

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
427BB

Software vendor:
fourtwosevenbb.sourceforge.net

Description

The vulnerability allows a remote attacker to execute arbitrary SQL commands in web application database.

The weakness exists in showthread.php due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted HTTP request to vulnerable script and execute arbitrary SQL commands in web application database via the ForumID parameter.

Successful exploitation of the vulnerability may allow an attacker to gain administrative access to vulnerable web application.

Remediation

Install update from vendor's website.

External links

http://evuln.com/labs/advisories/18/

#VU12709 SQL injection in 427BB - CVE-2006-0154

Description

Remediation

External links

Please verify you're human