CVE-2011-4066

🗓️ 04 Nov 2011 21:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov👁 47 Views🌐 WEB

CVE-2011-4066 SQL injection vulnerability in bbs/tb.php in Gnuboard 4.33.02 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO

Reporter	Title	Published	Views	Family All 10
0day.today	Gnuboard <= 4.33.02 tp.php PATH_INFO SQL Injection	16 Oct 201100:00	–	zdt
Circl	CVE-2011-4066	28 Oct 202015:50	–	circl
Cvelist	CVE-2011-4066	4 Nov 201121:00	–	cvelist
Exploit DB	GNUBoard 4.33.02 - 'tp.php?PATH_INFO' SQL Injection	17 Oct 201100:00	–	exploitdb
EUVD	EUVD-2011-4018	7 Oct 202500:30	–	euvd
exploitpack	GNUBoard 4.33.02 - tp.php?PATH_INFO SQL Injection	17 Oct 201100:00	–	exploitpack
NVD	CVE-2011-4066	4 Nov 201121:55	–	nvd
Packet Storm	Gnuboard 4.33.02 SQL Injection	17 Oct 201100:00	–	packetstorm
Prion	Sql injection	4 Nov 201121:55	–	prion
seebug.org	Gnuboard <= 4.33.02 tp.php PATH_INFO SQL Injection	1 Jul 201400:00	–	seebug

NVD

Node

sir gnuboardRange≤4.33.02

sir gnuboardMatch3.30

sir gnuboardMatch3.31

sir gnuboardMatch3.32

sir gnuboardMatch3.33

sir gnuboardMatch3.34

sir gnuboardMatch3.35

sir gnuboardMatch3.36

sir gnuboardMatch3.37

sir gnuboardMatch3.38

sir gnuboardMatch3.39

sir gnuboardMatch3.40

sir gnuboardMatch4.31.03

Source	Link
securityfocus	www.securityfocus.com/bid/50173
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/70686
exploit-db	www.exploit-db.com/exploits/17992
securitytracker	www.securitytracker.com/id

Parameter	Position	Path	Description	CWE
bo_table	path	bbs/tb.php/[sql]/[sql]	SQL injection via PATH_INFO in /bbs/tb.php allowing injection through bo_table and wr_id	CWE-89
wr_id	path	bbs/tb.php/[sql]/[sql]	SQL injection via PATH_INFO in /bbs/tb.php allowing injection through bo_table and wr_id	CWE-89
to_token	path	bbs/tb.php/[sql]/[sql]	SQL injection via PATH_INFO in /bbs/tb.php allowing injection through bo_table and wr_id	CWE-89

29 Apr 2026 01:13Current

8.6High risk

Vulners AI Score8.6

CVSS 27.5

EPSS0.00775

CWE-89