Lucene search

[email protected]CVE-2011-5278

HistoryApr 08, 2014 - 2:22 p.m.

CVE-2011-5278

2014-04-0814:22:08

CWE-89

[email protected]

web.nvd.nist.gov

cve-2011-5278

sql injection

signature.php

advanced forum signatures

afsignatures

mybb

remote attackers

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

84.0%

JSON

SQL injection vulnerability in signature.php in Advanced Forum Signatures plugin (aka afsignatures) 2.0.4 for MyBB allows remote attackers to execute arbitrary SQL commands via the afs_bar_right parameter.

Affected configurations

NVD

Node

advanced_forum_signatures_projectadvanced_forum_signaturesMatch2.0.4mybb

CPENameOperatorVersion
advanced_forum_signatures_project:advanced_forum_signaturesadvanced forum signatures project advanced forum signatureseq2.0.4

CPE	Name	Operator	Version
advanced_forum_signatures_project:advanced_forum_signatures	advanced forum signatures project advanced forum signatures	eq	2.0.4

References

osvdb.org/76295

secunia.com/advisories/46352

www.exploit-db.com/exploits/17961

www.securityfocus.com/bid/50051/info

exchange.xforce.ibmcloud.com/vulnerabilities/70473

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

84.0%

JSON

Related for CVE-2011-5278

prion1 cvelist1 nvd1 openvas1