Lucene search

[email protected]CVE-2011-5277

HistoryApr 08, 2014 - 2:22 p.m.

CVE-2011-5277

2014-04-0814:22:08

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

signature.php

advanced forum signatures

afsignatures

mybb

remote attack

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

84.0%

JSON

Multiple SQL injection vulnerabilities in signature.php in the Advanced Forum Signatures (aka afsignatures) plugin 2.0.4 for MyBB allow remote attackers to execute arbitrary SQL commands via the (1) afs_type, (2) afs_background, (3) afs_showonline, (4) afs_bar_left, (5) afs_bar_center, (6) afs_full_line1, (7) afs_full_line2, (8) afs_full_line3, (9) afs_full_line4, (10) afs_full_line5, or (11) afs_full_line6 parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected configurations

NVD

Node

advanced_forum_signatures_projectadvanced_forum_signaturesMatch2.0.4mybb

CPENameOperatorVersion
advanced_forum_signatures_project:advanced_forum_signaturesadvanced forum signatures project advanced forum signatureseq2.0.4

CPE	Name	Operator	Version
advanced_forum_signatures_project:advanced_forum_signatures	advanced forum signatures project advanced forum signatures	eq	2.0.4

References

osvdb.org/76295

secunia.com/advisories/46352

www.exploit-db.com/exploits/17961

www.securityfocus.com/bid/50051/info

exchange.xforce.ibmcloud.com/vulnerabilities/70473

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

84.0%

JSON

Related for CVE-2011-5277

prion1 cvelist1 nvd1 openvas1