Summary
The host has miniBB installed and is prone to an SQL injection vulnerability.
Impact
Successful exploitation will allow remote attackers to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
Impact Level: Application
Solution
Update to version 3.1 released on 2014-11-27. For updates, refer to http://www.minibb.com
Insight
The flaw is due to the bb_func_unsub.php script not properly sanitizing user-supplied input to the 'code' parameter.
Affected
MiniBB version 3.1 before 20141127
Detection
Send a crafted HTTP GET request and check whether it is able to execute an SQL query.
Severity
Classification
CVE: CVE-2014-9254
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P