Vendor: YaBB SE
By: SecurityFocus
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: YaBB SE
Affected Version From: YaBB SE
Affected Version To: YaBB SE
Patch Exists: YES
Related CWE: N/A
CPE: a:yabbse:yabbse
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

SQL Injection in YaBB SE

A vulnerability exists in the Reminder.php script distributed as part of YaBB SE due to insufficient sanitizing of input. This allows a remote user to inject arbitrary SQL into the database used by YaBB SE that could be used to reset or change the password of a user.

Mitigation:

Sanitize user input to prevent SQL injection attacks.
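
To make that advice concrete, here is an added example (not code from YaBB SE or from the original advisory) that puts a concatenated lookup beside a parameterized one and feeds both the `user` value shape quoted in this entry. The `members` table, the `emailAddress` column, the helper names and the sample accounts are assumptions; only the `memberName` column name appears in the advisory.

```php
<?php
// Added illustration: NOT YaBB SE's Reminder.php. The table layout and helper
// names are assumptions; only the `memberName` column name and the shape of
// the `user` value come from the advisory.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE members (memberName TEXT PRIMARY KEY, emailAddress TEXT)");
$db->exec("INSERT INTO members VALUES ('alice', 'alice@example.com'), ('bob', 'bob@example.com')");

// Vulnerable pattern: the request value is pasted into the SQL text, so a
// quote inside it ends the string literal and the rest is parsed as SQL.
function lookupConcatenated(PDO $db, string $user): array
{
    $sql = "SELECT memberName FROM members WHERE memberName = '$user'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: the SQL text is fixed and the value travels as a bound
// parameter, so it is only ever compared as data.
function lookupBound(PDO $db, string $user): array
{
    $stmt = $db->prepare("SELECT memberName FROM members WHERE memberName = :user");
    $stmt->execute([':user' => $user]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a plain name, and the advisory's value shape with
// placeholder account names filled in (as it looks after URL decoding).
$plain   = "alice";
$crafted = "alice' or memberName='bob";

// Print which accounts each lookup matches for each input.
foreach (['concatenated' => 'lookupConcatenated', 'bound' => 'lookupBound'] as $label => $fn) {
    printf("%-12s plain   -> [%s]\n", $label, implode(', ', $fn($db, $plain)));
    printf("%-12s crafted -> [%s]\n", $label, implode(', ', $fn($db, $crafted)));
}
```

With the crafted value the concatenated lookup matches a second account, while the bound lookup matches none because no member has that literal name.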
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6591/info

It has been reported that a problem exists in the Reminder.php script distributed as part of YaBB SE. Due to insufficient sanitizing of input, it is possible for a remote user to inject arbitrary SQL into the database used by YaBB SE that could be used to reset or change the password of a user. 

http://www.example.com/yabbse/Reminder.php?searchtype=esearch&user=[yourusername]'%20or%20memberName='[otherusername]