Multiple Vulnerabilities In MercuryBoard Network Vulnerability

Summary

The remote host is running MercuryBoard, a message board system written in PHP. Multiple vulnerabilities have been discovered in the product that allow an attacker to cause numerous cross site scripting attacks, inject arbitrary SQL statements and disclose the path under which the product has been installed.

Solution

Upgrade to MercuryBoard version 1.1.3.

Severity

Classification

CVE CVE-2005-0306, CVE-2005-0307, CVE-2005-0414, CVE-2005-0460, CVE-2005-0462, CVE-2005-0662, CVE-2005-0663, CVE-2005-0878

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

b2ePMS Multiple SQL Injection Vulnerabilities
Andy's PHP Knowledgebase 's' Parameter SQL Injection Vulnerability
AlienVault OSSIM 'date_from' Parameter Multiple SQL Injection Vulnerabilities
Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability
Atutor AContent Multiple SQL Injection and XSS Vulnerabilities

Multiple Vulnerabilities in MercuryBoard

Take action and discover your vulnerabilities