vendor: Instant-Messages script
by: SecurityFocus
CVSS: 7.5 HIGH
CWE: 89 (SQL Injection)
Product Name: Instant-Messages script
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

SQL Injection in ttCMS/ttForum

ttCMS/ttForum is reported to be vulnerable to SQL injection by remote users. The problem is in the Instant-Messages script distributed as part of the software: because input is insufficiently sanitized, a remote user can inject arbitrary SQL into the database used by the web forums.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized before being used in SQL queries.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7634/info

A problem with ttCMS/ttForum could make it possible for a remote user to launch SQL injection attacks.

It has been reported that a problem exists in the Instant-Messages script distributed as part of the software. Due to insufficient sanitizing of input, it is possible for a remote user to inject arbitrary SQL into the database used by the web forums.

It should be noted that the current version of YaBB SE, the Forum that ttForum was derived from, is not affected by this vulnerability. 

http://www.example.org/board/index.php?action=imprefs

Go to the Ignorelist-Textfield and enter:

',memberGroup='Administrator
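
Added example (not part of the original advisory or of ttCMS/ttForum's code): a Python/sqlite3 sketch of why the ignore-list value above changes memberGroup when it is concatenated into an UPDATE statement, next to the parameterized form that stores it as plain data. The members table, the ignore_list column and the function names are assumptions; only memberGroup comes from the advisory.

```python
import sqlite3

# Ignore-list value quoted in the advisory above.
ADVISORY_INPUT = "',memberGroup='Administrator"


def make_db():
    # Constructed schema: only the memberGroup column name appears in the
    # advisory; the table name and ignore_list column are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE members ("
        "id INTEGER PRIMARY KEY, memberGroup TEXT, ignore_list TEXT)"
    )
    db.execute("INSERT INTO members VALUES (1, 'Member', '')")
    return db


def save_prefs_vulnerable(db, member_id, ignore_list):
    # String concatenation: a quote in ignore_list ends the SQL literal, and
    # the rest of the input is parsed as further column assignments.
    sql = ("UPDATE members SET ignore_list='" + ignore_list +
           "' WHERE id=" + str(int(member_id)))
    db.execute(sql)


def save_prefs_parameterized(db, member_id, ignore_list):
    # Bound parameters: the value reaches the database as data, never as SQL
    # text, so quotes and commas inside it have no syntactic meaning.
    db.execute("UPDATE members SET ignore_list=? WHERE id=?",
               (ignore_list, int(member_id)))


def row_after(save_fn, ignore_list):
    # Run one save against a fresh database and return
    # (memberGroup, ignore_list) for the test account.
    db = make_db()
    save_fn(db, 1, ignore_list)
    return db.execute(
        "SELECT memberGroup, ignore_list FROM members WHERE id=1"
    ).fetchone()


if __name__ == "__main__":
    print("concatenated :", row_after(save_prefs_vulnerable, ADVISORY_INPUT))
    print("parameterized:", row_after(save_prefs_parameterized, ADVISORY_INPUT))
```

With the concatenated query the stored group changes and the ignore list ends up empty; with bound parameters the group is untouched and the whole string is stored as the ignore list.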