Main Vulnerability Database Vulnerabilities #VU12709

SQL injection in 427BB - CVE-2006-0154

Published: May 14, 2018 / Updated: September 14, 2018

Vulnerability identifier: #VU12709

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2006-0154

CWE-ID: CWE-89

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vendor: fourtwosevenbb.sourceforge.net

Affected software:
427BB

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary SQL commands in web application database.

The weakness exists in showthread.php due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted HTTP request to vulnerable script and execute arbitrary SQL commands in web application database via the ForumID parameter.

Successful exploitation of the vulnerability may allow an attacker to gain administrative access to vulnerable web application.

How to mitigate CVE-2006-0154

Install update from vendor's website.

Sources

http://evuln.com/labs/advisories/18/

SQL injection in 427BB - CVE-2006-0154

Detailed vulnerability description

How to mitigate CVE-2006-0154

Sources

Please verify you're human