header-logo
Suggest Exploit
vendor:
InstaBoard
by:
SecurityFocus
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: InstaBoard
Affected Version From: 1.3
Affected Version To: 1.3
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Multiple Input Validation Errors in InstaBoard

It has been reported that multiple input validation errors exist in the index.cfm file included with InstaBoard. Because of this issue, remote attackers may launch SQL injection attacks through the software. The consequences may vary depending on the particular database implementation and the nature of the specific queries. SQL injection also makes it possible, under some circumstances, to exploit latent vulnerabilities that may exist in the underlying database.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7338/info

It has been reported that multiple input validation errors exist in the index.cfm file included with InstaBoard. Because of this issue, remote attackers may launch SQL injection attacks through the software.

The consequences may vary depending on the particular database implementation and the nature of the specific queries. SQL injection also makes it possible, under some circumstances, to exploit latent vulnerabilities that may exist in the underlying database.

It should be noted that although this vulnerability has been reported to affect InstaBoard version 1.3 previous versions might also be affected. 

http://www.example.com/instaboard/index.cfm?frmid=1%20AND%20u.userid%20IN%20(select%20userid%20from%20users)
http://www.example.com/instaboard/index.cfm?frmid=1&tpcid=1%20SQL
http://www.example.com/instaboard/index.cfm?frmid=1%20SQL&tpcid=1
http://www.example.com/instaboard/index.cfm?pr=replymsg&frmid=1&tpcid=1%20SQL&msgid=11
http://www.example.com/instaboard/index.cfm?pr=replymsg&frmid=1&tpcid=1&msgid=11%20SQL
http://www.example.com/instaboard/index.cfm?catid=1%20SQL

Navigation

Suggest Exploit

Services By CQR