Lucene search

[email protected]CVE-2012-4034

HistoryAug 12, 2012 - 12:55 a.m.

CVE-2012-4034

2012-08-1200:55:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2012-4034

pbboard

sql injection

remote attackers

arbitrary sql commands

security vulnerability

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.1%

JSON

Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to the send page, (2) email parameter to the forget page, (3) password parameter to the forum_archive page, (4) section parameter to the management page, (5) section_id parameter to the managementreply page, (6) member_id parameter to the new_password page, or (7) subjectid parameter to the tags page to index.php.

CPENameOperatorVersion
pbboard:pbboardpbboardeq2.1.4

CPE	Name	Operator	Version
pbboard:pbboard	pbboard	eq	2.1.4

References

osvdb.org/84480

secunia.com/advisories/50153

www.pbboard.com/forums/t10352.html

www.pbboard.com/forums/t10353.html

www.securityfocus.com/bid/54916

exchange.xforce.ibmcloud.com/vulnerabilities/77501

www.htbridge.com/advisory/HTB23101

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.1%

JSON

Related for CVE-2012-4034

dsquare2 prion2 cve1 packetstorm1 securityvulns2 htbridge1