Summary
Elite Bulletin Board is installed on this host and is prone to multiple SQL injection vulnerabilities.
Impact
Successful exploitation will allow remote attackers to compromise the application, access or modify data or exploit vulnerabilities in the underlying database.
Impact Level: Application
Solution
Upgrade to Elite Bulletin Board 2.1.22 or later.
For updates, refer to http://elite-board.us/
Insight
Input appended to the URL after multiple scripts is not properly sanitised within the 'update_whosonline_reg()' and 'update_whosonline_guest()' functions (includes/user_function.php) before being used in a SQL query.
Affected
Elite Bulletin Board version 2.1.21 and prior
Severity
Classification
CVE: CVE-2012-5874
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P