Lucene search

[email protected]CVE-2014-9215

HistoryDec 05, 2014 - 3:59 p.m.

CVE-2014-9215

2014-12-0515:59:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2014-9215

sql injection

pbboard 3.0.1

security vulnerability

remote attackers

8.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

44.6%

JSON

SQL injection vulnerability in the CheckEmail function in includes/functions.class.php in PBBoard 3.0.1 before 20141128 allows remote attackers to execute arbitrary SQL commands via the email parameter in the register page to index.php. NOTE: the email parameter in the forget page vector is already covered by CVE-2012-4034.2.

CPENameOperatorVersion
pbboard:pbboardpbboardle3.0.1

CPE	Name	Operator	Version
pbboard:pbboard	pbboard	le	3.0.1

References

www.itas.vn/news/ITAS-Team-discovered-SQL-Injection-in-PBBoard-CMS-68.html

www.securityfocus.com/archive/1/534149/100/0/threaded

www.youtube.com/watch?v=AQiGvH5xrJg

8.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

44.6%

JSON

Related for CVE-2014-9215

prion2 dsquare3 exploitpack1 zdt1 packetstorm2 securityvulns4 openvas1 exploitdb1 cve1 htbridge1