CVE-2013-6936

Опубликовано: 04 дек. 2013

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter.

Ссылки

http://osvdb.org/100030
http://packetstormsecurity.com/files/124091/MyBB-Ajaxfs-SQL-Injection.html
Exploit
http://seclists.org/bugtraq/2013/Nov/102
Exploit
http://www.exploit-db.com/exploits/29797
Exploit
http://www.iedb.ir/exploits-889.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/89084
http://osvdb.org/100030
http://packetstormsecurity.com/files/124091/MyBB-Ajaxfs-SQL-Injection.html
Exploit
http://seclists.org/bugtraq/2013/Nov/102
Exploit
http://www.exploit-db.com/exploits/29797
Exploit
http://www.iedb.ir/exploits-889.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/89084

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mybb:ajax_forum_stat:2.0:-:*:*:*:mybb:*:*

EPSS

Процентиль: 83%

0.01939

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-2f93-2pfr-964f

github

больше 3 лет назад