Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0.6 allow remote attackers to execute arbitrary SQL commands via the (1) curstr parameter in the findUsers function, (2) id parameter in the isIdAvailable function, or (3) username parameter in the getGreetings function.
References
Configurations
History
21 Nov 2024, 01:37
Type | Values Removed | Values Added |
---|---|---|
References | () http://archives.neohapsis.com/archives/bugtraq/2012-03/0135.html - Exploit | |
References | () http://packetstormsecurity.org/files/111250/NextBBS-0.6.0-Authentication-Bypass-SQL-Injection-XSS.html - | |
References | () http://www.openwall.com/lists/oss-security/2012/03/29/8 - Exploit | |
References | () http://www.openwall.com/lists/oss-security/2012/03/30/2 - Exploit | |
References | () http://www.osvdb.org/80637 - | |
References | () http://www.securityfocus.com/bid/52728 - Exploit | |
References | () http://www.waraxe.us/advisory-80.html - Exploit |
Information
Published : 2012-10-01 23:55
Updated : 2024-11-21 01:37
NVD link : CVE-2012-1603
Mitre link : CVE-2012-1603
CVE.ORG link : CVE-2012-1603
JSON object : View
Products Affected
nextbbs
- nextbbs
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')