header-logo
Suggest Exploit
vendor:
OpenBB
by:
SecurityFocus
7.5
CVSS
HIGH
Command Injection
89
CWE
Product Name: OpenBB
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

OpenBB Command Injection Vulnerability

It has been reported that OpenBB does not properly check input passed via the 'board.php' script. Because of this, an attacker may be able to inject arbitrary commands to the database in the context of the bulletin board software. The consequences will vary depending on the underlying database implementation.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7404/info

It has been reported that OpenBB does not properly check input passed via the 'board.php' script. Because of this, an attacker may be able to inject arbitrary commands to the database in the context of the bulletin board software. The consequences will vary depending on the underlying database implementation. 

http://www.example.com/board.php?FID=2%20<something>

where <something> represents a SQL query.

Navigation

Suggest Exploit

Services By CQR