8.9 High
AI Score
Confidence
Low
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
81.9%
Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter to (a) accounts.php, (b) changep.php, © editac.php, (d) feedback.php, (e) fpass.php, (f) login.php, (g) post.php, (h) reply.php, or (i) reply_log.php; (2) p parameter to (j) dpost.php; (3) c parameter to (k) list.php or (l) ndis.php; or (12) q parameter to (m) search.php.
CPE | Name | Operator | Version |
---|---|---|---|
aweb_labs:awebbb | aweb labs awebbb | eq | 1.2 |
evuln.com/vulns/117/summary.html
secunia.com/advisories/19486
www.osvdb.org/24340
www.osvdb.org/24341
www.osvdb.org/24342
www.osvdb.org/24343
www.osvdb.org/24344
www.osvdb.org/24345
www.osvdb.org/24346
www.osvdb.org/24347
www.osvdb.org/24348
www.osvdb.org/24349
www.osvdb.org/24350
www.osvdb.org/24351
www.osvdb.org/24352
www.securityfocus.com/archive/1/431064/100/0/threaded
www.securityfocus.com/bid/17352
www.vupen.com/english/advisories/2006/1197
exchange.xforce.ibmcloud.com/vulnerabilities/25587