CVE-2004-2754

SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:yabb:yabb_se:0.8:*:*:*:*:*:*:*
cpe:2.3:a:yabb:yabb_se:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:yabb:yabb_se:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:yabb:yabb_se:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:yabb:yabb_se:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:yabb:yabb_se:1.5.1_rc1:*:*:*:*:*:*:*
cpe:2.3:a:yabb:yabb_se:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:yabb:yabb_se:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:yabb:yabb_se:1.5.4:*:*:*:*:*:*:*

History

20 Nov 2024, 23:54

Type Values Removed Values Added
References () http://securityreason.com/securityalert/3371 - () http://securityreason.com/securityalert/3371 -
References () http://sourceforge.net/project/shownotes.php?release_id=210608&group_id=57105 - Patch () http://sourceforge.net/project/shownotes.php?release_id=210608&group_id=57105 - Patch
References () http://www.osvdb.org/3618 - () http://www.osvdb.org/3618 -
References () http://www.securityfocus.com/archive/1/350244 - Exploit () http://www.securityfocus.com/archive/1/350244 - Exploit
References () http://www.securityfocus.com/bid/9449 - Patch () http://www.securityfocus.com/bid/9449 - Patch
References () http://www.securitytracker.com/id?1008764 - () http://www.securitytracker.com/id?1008764 -
References () http://www.yabbse.org/community/index.php?thread=27122 - () http://www.yabbse.org/community/index.php?thread=27122 -

Information

Published : 2004-12-31 05:00

Updated : 2024-11-20 23:54


NVD link : CVE-2004-2754

Mitre link : CVE-2004-2754

CVE.ORG link : CVE-2004-2754


JSON object : View

Products Affected

yabb

  • yabb_se
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')