Vendor: Gravity Board X v2.0 BETA
By: milw0rm.com
CVSS: 9 (HIGH)
SQL Injection and Code Execution
CWE: 89
Product Name: Gravity Board X v2.0 BETA
Affected Version From: 2.0 BETA
Affected Version To: 2.0 BETA
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
Gravity Board X v2.0 BETA SQL Injection and Code Execution Vulnerability
Gravity Board X v2.0 BETA is prone to an SQL injection vulnerability and a code execution vulnerability. An attacker can exploit these issues to manipulate SQL queries, access or modify data, execute arbitrary code in the context of the webserver process, and gain access to sensitive information. The code execution vulnerability is due to a lack of proper sanitization of user-supplied input in the 'board_name' parameter when creating a new board, which allows an attacker to inject and execute arbitrary PHP code in the context of the webserver process.
Mitigation:
Gravity Board X v2.0 BETA has been discontinued and is no longer supported. It is recommended to upgrade to a more recent version of Gravity Board X.