CVE Vulnerabilities

CVE-2004-1966

Published: Dec 31, 2004 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter in board.php, (2) sortorder, perpage, or id parameters in member.php, (3) forums parameter in search.php, or (4) PID or FID parameters in post.php.

Affected Software

Name Vendor Start Version End Version
Openbb Openbb 1.0.0_beta1 1.0.0_beta1
Openbb Openbb 1.0.0_rc1 1.0.0_rc1
Openbb Openbb 1.0.0_rc2 1.0.0_rc2
Openbb Openbb 1.0.0_rc3 1.0.0_rc3
Openbb Openbb 1.0.5 1.0.5
Openbb Openbb 1.0.6 1.0.6
Openbb Openbb 1.0.8 1.0.8

References