Summary
This host is installed with PBBoard CMS and is prone to an SQL injection vulnerability.
Impact
Successful exploitation will allow attackers to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
Impact Level: Application
Solution
Update to the latest PBBoard version 3.0.1 (updated on 28/11/2014) or later.
Insight
Input passed via the 'email' POST parameter to the /includes/functions.class.php script is not properly sanitized before being returned to users.
Affected
PBBoard version 3.0.1 and prior.
Detection
Send a crafted request via HTTP GET and check whether it is able to execute an SQL query or not.
Severity
Classification
CVE: CVE-2014-9215
CVSS Base Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P