OpenBB XSS And SQL Injection Flaws Network Vulnerability

Summary

The remote host seems to be running OpenBB, a forum management system written in PHP. The remote version of this software is vulnerable to cross-site scripting attacks, and SQL injection flaws. Using a specially crafted URL, an attacker may execute arbitrary commands against the remote SQL database or use the remote server to set up a cross site scripting attack.

Solution

Upgrade to version 1.0.9 of this software or newer

Severity

Classification

CVE CVE-2005-1612, CVE-2005-1613

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Arkeia Appliance Path Traversal Vulnerability
b2Evolution title SQL Injection
Avenger's News System Command Execution
AjaXplorer zoho plugin Directory Traversal Vulnerability
AlienVault OSSIM Multiple Remote Code Execution Vulnerabilities

OpenBB XSS and SQL injection flaws

Take action and discover your vulnerabilities