ID OSVDB:17432 Type osvdb Reporter OSVDB Modified 2005-06-19T04:40:43
Description
Solution Description
Upgrade to version .12 Beta or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
References:
Vendor URL: http://www.fusionbb.com/
Vendor Specific News/Changelog Entry: http://www.interactivephp.com/misc/CHANGELOG.html
Related OSVDB ID: 17433
Other Advisory URL: http://www.gulftech.org/?node=research&article_id=00081-06132005
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-06/0109.html
ISS X-Force ID: 21003
CVE-2005-1972
{"edition": 1, "title": "FusionBB Cookie bb_session_id Variable SQL Injection", "bulletinFamily": "software", "published": "2005-06-19T04:40:43", "lastseen": "2017-04-28T13:20:13", "modified": "2005-06-19T04:40:43", "reporter": "OSVDB", "viewCount": 0, "href": "https://vulners.com/osvdb/OSVDB:17432", "description": "## Solution Description\nUpgrade to version .12 Beta or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.fusionbb.com/\nVendor Specific News/Changelog Entry: http://www.interactivephp.com/misc/CHANGELOG.html\n[Related OSVDB ID: 17433](https://vulners.com/osvdb/OSVDB:17433)\nOther Advisory URL: http://www.gulftech.org/?node=research&article_id=00081-06132005\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-06/0109.html\nISS X-Force ID: 21003\n[CVE-2005-1972](https://vulners.com/cve/CVE-2005-1972)\n", "affectedSoftware": [], "type": "osvdb", "references": [], "enchantments": {"score": {"value": 6.4, "vector": "NONE", "modified": "2017-04-28T13:20:13", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-1972"]}], "modified": "2017-04-28T13:20:13", "rev": 2}, "vulnersScore": 6.4}, "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "cvelist": ["CVE-2005-1972"], "id": "OSVDB:17432"}
{"cve": [{"lastseen": "2020-10-03T11:34:55", "description": "Multiple SQL injection vulnerabilities in InteractivePHP FusionBB .11 Beta and earlier allow remote attackers to execute arbitrary SQL commands via (1) the username, which is not properly handled by the insertUser function, or (2) the bb_session_id value in a cookie.", "edition": 3, "cvss3": {}, "published": "2005-06-13T04:00:00", "title": "CVE-2005-1972", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1972"], "modified": "2008-09-05T20:50:00", "cpe": ["cpe:/a:interactivephp:fusionbb:11_beta"], "id": "CVE-2005-1972", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1972", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:interactivephp:fusionbb:11_beta:*:*:*:*:*:*:*"]}]}
