Vulners
Lucene search
Invision Power Board ibProArcade Module index.php cat Parameter SQL Injection
| Reporter | Title | Published | Views | Family All 4 |
|---|---|---|---|---|
 | CVE-2004-1536 | 19 Feb 200505:00 | – | cve |
 | CVE-2004-1536 | 19 Feb 200505:00 | – | cvelist |
 | EUVD-2004-1530 | 7 Oct 202500:30 | – | euvd |
 | CVE-2004-1536 | 31 Dec 200405:00 | – | nvd |
| Source | Link |
|---|---|
| seclists | www.seclists.org/bugtraq/2004/Nov/270 |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(15775);
script_version("1.21");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/06/01");
script_cve_id("CVE-2004-1536");
script_bugtraq_id(11719);
script_name(english:"Invision Power Board ibProArcade Module index.php cat Parameter SQL Injection");
script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a PHP script that is affected by a SQL
injection vulnerability.");
script_set_attribute(attribute:"description", value:
"The installation of Invision Power Board on the remote host includes
an optional module, named 'Arcade', that allows unauthorized users to
inject SQL commands into the remote SQL database through the 'cat'
parameter. An attacker may use this flaw to gain control of the
remote database and possibly to overwrite files on the remote host.");
script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2004/Nov/270");
script_set_attribute(attribute:"solution", value:
"Unknown at this time.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:U/RC:ND");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2004/11/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2004/11/22");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_ATTACK);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2004-2022 Tenable Network Security, Inc.");
script_dependencies("invision_power_board_detect.nasl");
script_require_keys("www/invision_power_board");
script_exclude_keys("Settings/disable_cgi_scanning");
script_require_ports("Services/www", 80);
exit(0);
}
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
port = get_http_port(default:80);
if (!can_host_php(port:port)) exit(0);
# Test an install.
install = get_kb_item(string("www/", port, "/invision_power_board"));
if (isnull(install)) exit(0);
matches = eregmatch(string:install, pattern:"^(.+) under (/.*)$");
if (!isnull(matches)) {
path = matches[2];
w = http_send_recv3(method:"GET",item:string(path, "/index.php?act=Arcade&cat=1'"), port:port);
if (isnull(w)) exit(1, "The web server on port "+port+" did not answer");
res = w[2];
if ("mySQL query error: SELECT g.*, c.password FROM ibf_games_list AS" >< res)
{
security_hole(port);
set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);
}
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jun 2022 00:00Current
5.9Medium risk
Vulners AI Score5.9
CVSS 27.5
EPSS0.0053