ID CVE-2005-2574
Summary xmb.php in XMB Forum 1.9.1 extracts and defines all provided variables, which allows remote attackers to modify arbitrary server variables such as _SERVER[REMOTE_ADDR].
References
Vulnerable Configurations
  • cpe:2.3:a:xmb_forum:xmb:1.9.1:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 29-04-2021 - 15:15)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector   Complexity  Authentication
NETWORK  LOW         NONE
Impact
Confidentiality  Integrity  Availability
NONE             PARTIAL    NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
bugtraq 20050809 Sql injection and global variables poisoning in XMB Forum 1.9.1
misc http://forums.xmbforum.com/viewthread.php?tid=754523
statements via4
contributor Robert Chapin
lastmodified 2020-09-09
organization XMB
statement As noted in https://docs.xmbforum2.com/index.php?title=Security_Issue_History XMB version 1.9.10 or later must be installed to prevent attacks described by this CVE. All earlier versions of XMB are vulnerable until upgraded. Upgrades are available at https://www.xmbforum2.com/
Last major update 29-04-2021 - 15:15
Published 16-08-2005 - 04:00
Last modified 29-04-2021 - 15:15