Beehive Forum SQL Injection Vulnerability - exploit.company
Vendor: Beehive Forum
By: Unknown
CVSS: 7.5 HIGH
SQL Injection
CWE: Unknown
Product Name: Beehive Forum
Affected Version From: 2000.6.2
Affected Version To: 2000.6.2
Patch Exists: NO
Related CWE: Unknown
CPE: a:beehive_forum:beehive:0.6.2
Metasploit:
Other Scripts:
Platforms Tested: Unknown

Beehive Forum SQL Injection Vulnerability

The Beehive Forum application fails to properly sanitize user-supplied input, leading to an SQL injection vulnerability. An attacker can exploit this vulnerability to bypass authentication and gain administrative access to the site. Other attacks may also be possible.

Mitigation:

Apply patches or updates provided by the vendor. Sanitize user input to prevent SQL injection attacks.
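
An added example (not Beehive Forum's code and not from the advisory) of the input handling recommended above, applied to the user_sess request parameter: the value is checked against an allow-listed format and then bound as a query parameter instead of being concatenated into SQL. The sessions table, its columns, the 32-hex-character token format and the function names are assumptions, since the advisory does not show the affected query.

```php
<?php
declare(strict_types=1);

// Hypothetical schema and token format: the advisory does not show
// Beehive's real tables or how it builds the user_sess query.
function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE sessions (hash TEXT PRIMARY KEY, uid INTEGER NOT NULL)');
    // Constructed sample row: one logged-in administrator (uid 1).
    $db->exec("INSERT INTO sessions VALUES ('0123456789abcdef0123456789abcdef', 1)");
    return $db;
}

// Returns the uid bound to the session token, or null for a guest.
function lookup_session(PDO $db, mixed $userSess): ?int
{
    // 1. Allow-list the shape: reject arrays (user_sess[]=x) and anything
    //    that is not exactly 32 lowercase hex characters.
    if (!is_string($userSess) || preg_match('/\A[0-9a-f]{32}\z/', $userSess) !== 1) {
        return null;
    }
    // 2. Bind the value; it never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT uid FROM sessions WHERE hash = :hash');
    $stmt->execute([':hash' => $userSess]);
    $uid = $stmt->fetchColumn();
    return $uid === false ? null : (int) $uid;
}

$db = open_demo_db();
$cases = [
    'k',                                 // first request value listed in the advisory
    '1 MYFORUM',                         // second value, with "+" URL-decoded to a space
    '0123456789abcdef0123456789abcdef',  // constructed valid token
];
foreach ($cases as $value) {
    $uid = lookup_session($db, $value);
    printf("%-34s => %s\n", $value, $uid === null ? 'guest' : "uid $uid");
}
```

Both request values listed in the advisory fail the format check and are treated as a guest session; only the stored token resolves to a user.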

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/16521/info

Beehive Forum is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

Successful exploitation can allow an attacker to bypass authentication and gain administrative access to a site. Other attacks may also be possible.

Beehive Forum 0.6.2 is reported to be vulnerable. 

http://www.example.com/beehive/index.php?user_sess=k
http://www.example.com/beehive/index.php?user_sess=1+MYFORUM