CVE-2012-4034
high
CVSS v3: —
CVSS v2: 7.5
VIR risk: 7.5
Description
Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to the send page, (2) email parameter to the forget page, (3) password parameter to the forum_archive page, (4) section parameter to the management page, (5) section_id parameter to the managementreply page, (6) member_id parameter to the new_password page, or (7) subjectid parameter to the tags page to index.php.
Predictions
Exploit likelihood: 20%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — http://www.pbboard.com/forums/t10353.html
Vendor advisory: cve@mitre.org — http://secunia.com/advisories/50153
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| pbboard | pbboard | 2.1.4 | |
References
- http://osvdb.org/84480
- http://secunia.com/advisories/50153
- http://www.pbboard.com/forums/t10352.html
- http://www.pbboard.com/forums/t10353.html
- http://www.securityfocus.com/bid/54916
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77501
- https://www.htbridge.com/advisory/HTB23101
CWEs
CWE-89