CVE-2006-0638

Sažetak

SQL injection vulnerability in moderation.php in MyBB (aka MyBulletinBoard) 1.0.3 allows remote authenticated users, with certain privileges for moderating and merging posts, to execute arbitrary SQL commands via the posts parameter.

Reference

http://myimei.com/security/2006-02-07/mybb103moderationphpsqlinject-while-merging-posts.html
http://secunia.com/advisories/18754
http://www.osvdb.org/22957
http://www.securityfocus.com/archive/1/424335/100/0/threaded
http://www.securityfocus.com/bid/16538
http://www.vupen.com/english/advisories/2006/0475

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

19-10-2018 - 15:45

Objavljeno

10-02-2006 - 11:02