CVE-2005-1833 - Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote attackers to

CVE-2005-1833

Summary

Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to calendar.php, (2) idsql parameter to online.php, (3) usersearch parameter to memberlist.php, (4) pid parameter to editpost.php, (5) fid parameter to forumdisplay.php, (6) tid parameter to newreply.php, (7) sid parameter to search.php, (8) tid or (9) pid parameter to showthread.php, (10) tid parameter to usercp2.php, (11) tid parameter to printthread.php, or (12) pid parameter to reputation.php.

References

Vulnerable Configurations

cpe:2.3:a:mybulletinboard:mybulletinboard:*:*:*:*:*:*:*:*
cpe:2.3:a:mybulletinboard:mybulletinboard:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 18-10-2016 - 03:22)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bugtraq	20050531 Multiple vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4
confirm	http://www.mybboard.com/community/showthread.php?tid=2559
osvdb	17024
secunia	15552

Last major update

18-10-2016 - 03:22

Published

31-05-2005 - 04:00

Last modified

18-10-2016 - 03:22