Описание
Multiple SQL injection vulnerabilities in (1) setup_mysql.php and (2) setup_options.php in miniBB 2.2 and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary SQL commands via the xtr parameter in a userinfo action to index.php.
Ссылки
- Vendor Advisory
- Exploit
- ExploitPatch
- Vendor Advisory
- Exploit
- ExploitPatch
Уязвимые конфигурации
Конфигурация 1Версия до 2.2 (включая)
cpe:2.3:a:minibb:minibb:*:*:*:*:*:*:*:*
EPSS
Процентиль: 66%
0.0051
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-89
Связанные уязвимости
github
почти 4 года назад
Multiple SQL injection vulnerabilities in (1) setup_mysql.php and (2) setup_options.php in miniBB 2.2 and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary SQL commands via the xtr parameter in a userinfo action to index.php.
EPSS
Процентиль: 66%
0.0051
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-89