Описание
SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions.
SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2004-2754
- http://securityreason.com/securityalert/3371
- http://sourceforge.net/project/shownotes.php?release_id=210608&group_id=57105
- http://www.osvdb.org/3618
- http://www.securityfocus.com/archive/1/350244
- http://www.securityfocus.com/bid/9449
- http://www.securitytracker.com/id?1008764
- http://www.yabbse.org/community/index.php?thread=27122
Связанные уязвимости
nvd
около 21 года назад
SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions.