Lucene search

[email protected]CVE-2013-6936

HistoryDec 04, 2013 - 6:56 p.m.

CVE-2013-6936

2013-12-0418:56:56

CWE-89

[email protected]

web.nvd.nist.gov

cve-2013-6936

sql injection

ajaxfs.php

ajax forum stat

ajaxfs plugin

mybb

mybulletinboard

remote code execution

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

67.8%

JSON

Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter.

Affected configurations

NVD

Node

mybbajax_forum_statMatch2.0-mybb

CPENameOperatorVersion
mybb:ajax_forum_statmybb ajax forum stateq2.0

CPE	Name	Operator	Version
mybb:ajax_forum_stat	mybb ajax forum stat	eq	2.0

References

osvdb.org/100030

packetstormsecurity.com/files/124091/MyBB-Ajaxfs-SQL-Injection.html

seclists.org/bugtraq/2013/Nov/102

www.exploit-db.com/exploits/29797

www.iedb.ir/exploits-889.html

exchange.xforce.ibmcloud.com/vulnerabilities/89084

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

67.8%

JSON

Related for CVE-2013-6936

prion1 nvd1 cvelist1 openvas1