DevoyBB Multiple Flaws Network Vulnerability

Summary

The remote host is running DevoyBB, a web based forum written in PHP. This version is vulnerable to XSS and SQL injection attacks. A malicious user can access users cookies including authentication cookies and inject SQL commands to be executed on the underlying database.

Solution

Upgrade to the latest version.

Severity

Classification

CVE CVE-2004-2177, CVE-2004-2178

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

aflog Cookie-Based Authentication Bypass Vulnerability
admin.cgi overflow
b2Evolution title SQL Injection
Apache Tomcat AJP Protocol Security Bypass Vulnerability
Acute Control Panel SQL Injection Vulnerability and Remote File Include Vulnerability

DevoyBB multiple flaws

Take action and discover your vulnerabilities