vendor: Beehive Forum
by: Unknown
CVSS: 7.5 (HIGH)
SQL Injection
CWE: Unknown
Product Name: Beehive Forum
Affected Version From: 2000.6.2
Affected Version To: 2000.6.2
Patch Exists: NO
Related CWE: Unknown
CPE: a:beehive_forum:beehive:0.6.2
Metasploit:
Other Scripts:
Platforms Tested: Unknown

Beehive Forum SQL Injection Vulnerability

The Beehive Forum application fails to properly sanitize user-supplied input, leading to an SQL injection vulnerability. An attacker can exploit this vulnerability to bypass authentication and gain administrative access to the site. Other attacks may also be possible.

Mitigation:

Apply patches or updates provided by the vendor. Sanitize user input to prevent SQL injection attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/16521/info

Beehive Forum is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

Successful exploitation can allow an attacker to bypass authentication and gain administrative access to a site. Other attacks may also be possible.

Beehive Forum 0.6.2 is reported to be vulnerable. 

http://www.example.com/beehive/index.php?user_sess=k
http://www.example.com/beehive/index.php?user_sess=1+MYFORUM
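
An added example, not code from Beehive Forum or from the original advisory: a session lookup that treats a `user_sess` request parameter the way the mitigation describes, with allowlist validation followed by a bound query parameter. The table schema, the numeric session-id format and every function name are assumptions made for this sketch; the two URLs are the sample requests listed above.

```python
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Assumption for this sketch: a session id is a decimal integer of 1-10 digits.
SESSION_ID = re.compile(r"[0-9]{1,10}")

# The two sample requests listed on this page.
PAGE_SAMPLES = [
    "http://www.example.com/beehive/index.php?user_sess=k",
    "http://www.example.com/beehive/index.php?user_sess=1+MYFORUM",
]

def make_demo_db():
    """In-memory stand-in for a forum session table (constructed schema and rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (sess_id INTEGER PRIMARY KEY, uid INTEGER, is_admin INTEGER)")
    db.executemany("INSERT INTO sessions VALUES (?, ?, ?)", [(1, 100, 1), (42, 200, 0)])
    return db

def user_sess_from_url(url):
    """Return the URL-decoded user_sess value, or None if the parameter is absent."""
    values = parse_qs(urlsplit(url).query).get("user_sess")
    return values[0] if values else None

def lookup_session(db, user_sess):
    """Return (uid, is_admin) for a well-formed, existing session id, else None."""
    # Layer 1: allowlist validation. Anything that is not purely digits is rejected
    # before it gets near the database.
    if not isinstance(user_sess, str) or not SESSION_ID.fullmatch(user_sess):
        return None
    # Layer 2: the value is bound as a parameter, never concatenated into the SQL text.
    return db.execute(
        "SELECT uid, is_admin FROM sessions WHERE sess_id = ?", (int(user_sess),)
    ).fetchone()

def lookup_session_bound_only(db, user_sess):
    """Layer 2 alone: even unvalidated input stays data when it is bound."""
    return db.execute(
        "SELECT uid, is_admin FROM sessions WHERE sess_id = ?", (user_sess,)
    ).fetchone()

if __name__ == "__main__":
    db = make_demo_db()
    for url in PAGE_SAMPLES:
        value = user_sess_from_url(url)
        print(repr(value), lookup_session(db, value), lookup_session_bound_only(db, value))
    print(repr("42"), lookup_session(db, "42"))
```

Both sample values are rejected by the validation layer and, independently, match no row when bound as a parameter, while a well-formed id still resolves to its session.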