CVE-2004-2754

SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:yabb:yabb_se:0.8:*:*:*:*:*:*:*
cpe:2.3:a:yabb:yabb_se:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:yabb:yabb_se:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:yabb:yabb_se:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:yabb:yabb_se:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:yabb:yabb_se:1.5.1_rc1:*:*:*:*:*:*:*
cpe:2.3:a:yabb:yabb_se:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:yabb:yabb_se:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:yabb:yabb_se:1.5.4:*:*:*:*:*:*:*

History

No history.

Information

Published : 2004-12-31 05:00

Updated : 2024-02-28 10:42


NVD link : CVE-2004-2754

Mitre link : CVE-2004-2754

CVE.ORG link : CVE-2004-2754


JSON object : View

Products Affected

yabb

  • yabb_se
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')