ProjectBB Multiple SQL Injection Vulnerabilities
BID:12710
Info
| Bugtraq ID: | 12710 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 02 2005 12:00AM |
| Updated: | Mar 02 2005 12:00AM |
| Credit: | Discovery of this vulnerability is credited to "benji lemien" <[email protected]>. |
| Vulnerable: | ProjectBB ProjectBB 0.4.5.1 |
| Not Vulnerable: | |
Discussion
ProjectBB is reportedly affected by multiple SQL injection vulnerabilities. These issues are due to the application failing to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Exploit / POC
No exploit is required.
The following proof-of-concept URLs are available:
http://www.example.com/Zip/divers.php?action=liste&liste=[SQL CODE]
http://www.example.com/Zip/divers.php?action=liste&liste=email&desc=[SQL CODE]&pages=1
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
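With no vendor-supplied patch listed, one interim measure is to review web server access logs for requests to divers.php whose liste or desc values are not plain identifiers. The following is an added example, not part of the original advisory or of ProjectBB; the allowlist pattern, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: legitimate `liste` and `desc` values are short identifier-like
# tokens (the advisory's own URL uses liste=email). Adjust to your deployment.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_]{0,32}")
WATCHED_PARAMS = ("liste", "desc")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(url):
    """Return (param, value) pairs on divers.php that fail the allowlist."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/divers.php"):
        return []
    # parse_qs percent-decodes, so %27 and a literal quote are treated alike.
    query = parse_qs(parts.query, keep_blank_values=True)
    # Tolerate stray whitespace around parameter names.
    query = {k.strip(): v for k, v in query.items()}
    return [(p, v) for p in WATCHED_PARAMS for v in query.get(p, [])
            if not SAFE_VALUE.fullmatch(v)]


def scan(lines):
    """Return (client_ip, param, decoded_value) for each flagged request."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        for param, value in suspicious_params(m.group(1)):
            hits.append((line.split(" ", 1)[0], param, value))
    return hits


# Constructed sample log lines (not from the advisory); documentation IP ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Mar/2005:10:00:00 +0000] "GET /Zip/divers.php?action=liste&liste=email&pages=1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [02/Mar/2005:10:00:05 +0000] "GET /Zip/divers.php?action=liste&liste=email%27 HTTP/1.1" 200 512',
    '198.51.100.7 - - [02/Mar/2005:10:00:09 +0000] "GET /Zip/divers.php?action=liste&liste=email&desc=a%20b&pages=1 HTTP/1.1" 200 512',
    '192.0.2.10 - - [02/Mar/2005:10:00:12 +0000] "GET /Zip/index.php?liste=x%27 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for ip, param, value in scan(SAMPLE_LOG):
        print(f"{ip} divers.php {param}={value!r}")
```

Parameters sent in a POST body do not appear in access logs, so this review only covers values passed in the query string.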