CVE-2013-6936

Sažetak

Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter.

Reference

http://osvdb.org/100030
http://packetstormsecurity.com/files/124091/MyBB-Ajaxfs-SQL-Injection.html
http://seclists.org/bugtraq/2013/Nov/102
http://www.exploit-db.com/exploits/29797
http://www.iedb.ir/exploits-889.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/89084

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-08-2017 - 01:34

Objavljeno

04-12-2013 - 18:56