Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2005 David MaciejakOPENVAS:136141256231019750
HistoryMar 26, 2006 - 12:00 a.m.

DeluxeBB Multiple SQL injection flaws

2006-03-2600:00:00
Copyright (C) 2005 David Maciejak
plugins.openvas.org
12

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

60.7%

JSON

The remote host is using DeluxeBB, a web application forum written in PHP.

Multiple vulnerabilities exist in this version which may allow an attacker to execute arbitrary SQL queries
against the database.

# SPDX-FileCopyrightText: 2005 David Maciejak
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:deluxebb:deluxebb";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.19750");
  script_version("2023-08-01T13:29:10+0000");
  script_tag(name:"last_modification", value:"2023-08-01 13:29:10 +0000 (Tue, 01 Aug 2023)");
  script_tag(name:"creation_date", value:"2006-03-26 17:55:15 +0200 (Sun, 26 Mar 2006)");
  script_cve_id("CVE-2005-2989");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/14851");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_name("DeluxeBB Multiple SQL injection flaws");
  script_category(ACT_ATTACK);
  script_copyright("Copyright (C) 2005 David Maciejak");
  script_family("Web application abuses");
  script_dependencies("deluxeBB_detect.nasl");
  script_mandatory_keys("deluxebb/installed");

  script_tag(name:"solution", value:"No known solution was made available for at least one year since the disclosure
  of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer
  release, disable respective features, remove the product or replace the product by another one.");

  script_tag(name:"summary", value:"The remote host is using DeluxeBB, a web application forum written in PHP.

  Multiple vulnerabilities exist in this version which may allow an attacker to execute arbitrary SQL queries
  against the database.");

  script_tag(name:"solution_type", value:"WillNotFix");
  script_tag(name:"qod_type", value:"remote_app");

  exit(0);
}

include("host_details.inc");
include("http_func.inc");
include("http_keepalive.inc");

if (!port = get_app_port(cpe: CPE))
  exit(0);

if (!dir = get_app_location(cpe: CPE, port: port))
  exit(0);
if (dir == "/")
  dir = "";

url = dir + "/topic.php?tid='select";

if (http_vuln_check(port: port, url: url, pattern: "Error querying the database",
                    extra_check: "DeluxeBB tried to execute: SELECT" )) {
  report = http_report_vuln_url(port: port, url: url);
  security_message(port: port, data: report);
  exit(0);
}

exit(99);

Related

cve 4
nessus 1
prion 3
cve
cve
CVE-2005-2989
2005-09-20 00:03:00
CVE-2008-6146
2009-02-16 17:30:00
CVE-2009-1033
2009-03-20 18:30:00
nessus
nessus
DeluxeBB Multiple Scripts SQL Injection
2005-09-19 00:00:00
prion
prion
Sql injection
2009-02-16 17:30:00
Sql injection
2009-03-20 18:30:00
Sql injection
2010-11-03 20:00:00

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

60.7%

JSON
Related for OPENVAS:136141256231019750
cve4nessus1prion3