Lucene search

[email protected]NVD:CVE-2013-6936

HistoryDec 04, 2013 - 6:56 p.m.

CVE-2013-6936

2013-12-0418:56:56

CWE-89

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

67.8%

JSON

Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter.

Affected configurations

NVD

Node

mybbajax_forum_statMatch2.0-mybb

References

osvdb.org/100030

packetstormsecurity.com/files/124091/MyBB-Ajaxfs-SQL-Injection.html

seclists.org/bugtraq/2013/Nov/102

www.exploit-db.com/exploits/29797

www.iedb.ir/exploits-889.html

exchange.xforce.ibmcloud.com/vulnerabilities/89084

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

67.8%

JSON

Related for NVD:CVE-2013-6936

prion1 cvelist1 openvas1 cve1