SQL injection vulnerability in UseBB 0.5.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search function.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Usebb | Usebb | 0.1 (including) | 0.1 (including) |
| Usebb | Usebb | 0.1.1 (including) | 0.1.1 (including) |
| Usebb | Usebb | 0.2 (including) | 0.2 (including) |
| Usebb | Usebb | 0.2.1 (including) | 0.2.1 (including) |
| Usebb | Usebb | 0.2.2 (including) | 0.2.2 (including) |
| Usebb | Usebb | 0.2.3 (including) | 0.2.3 (including) |
| Usebb | Usebb | 0.2.3a (including) | 0.2.3a (including) |
| Usebb | Usebb | 0.3 (including) | 0.3 (including) |
| Usebb | Usebb | 0.3.1 (including) | 0.3.1 (including) |
| Usebb | Usebb | 0.3.2 (including) | 0.3.2 (including) |
| Usebb | Usebb | 0.4 (including) | 0.4 (including) |
| Usebb | Usebb | 0.4.1 (including) | 0.4.1 (including) |
| Usebb | Usebb | 0.5 (including) | 0.5 (including) |
| Usebb | Usebb | 0.5.1 (including) | 0.5.1 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=112264706213040\u0026w=2
- http://www.hardened-php.net/advisory_122005.60.html
- http://www.securityfocus.com/bid/14413
- http://www.usebb.net/community/topic.php?id=605
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21652
- http://marc.info/?l=bugtraq\u0026m=112264706213040\u0026w=2
- http://www.hardened-php.net/advisory_122005.60.html
- http://www.securityfocus.com/bid/14413
- http://www.usebb.net/community/topic.php?id=605
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21652