ThWboard Board[styleid] SQL Injection Vulnerability
BID:22047
Info
| Bugtraq ID: | 22047 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 14 2007 12:00AM |
| Updated: | Jan 15 2007 08:00PM |
| Credit: | rgod is credited with the discovery of this vulnerability. |
| Vulnerable: | Thwboard Thwboard 3.0 Beta 2.84 |
| Not Vulnerable: | |
Discussion
ThWboard is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
ThWboard 3.0 Beta 2.84-php5 and prior versions are vulnerable; other versions may also be affected.
Exploit / POC
An attacker can exploit this issue via a web client.
The following proof of concept is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].