CVE Vulnerabilities

CVE-2004-2181

Published: Dec 31, 2004 | Modified: Jun 25, 2009
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow remote attackers to execute arbitrary SQL commands via the (1) sort_by or (2) page parameters to view_user.php, or the (3) forum_id parameter to view_topic.php. NOTE: the sort_by vector was later reported to be present in WowBB 1.65.

Affected Software

Name Vendor Start Version End Version
Wowbb_web_forum Wowbb 1.61 1.61
Wowbb_web_forum Wowbb 1.65 1.65

References