{"enchantments": {"score": {"vector": "NONE", "value": 7.5}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-2197"]}], "modified": "2017-04-28T13:20:14"}, "vulnersScore": 7.5}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Id Board free", "operator": "eq", "version": "1.1.3"}], "references": [], "href": "https://vulners.com/osvdb/OSVDB:17811", "id": "OSVDB:17811", "title": "Id Board sql.cls.php tbl_suff Variable SQL Injection", "history": [], "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "lastseen": "2017-04-28T13:20:14", "edition": 1, "hash": "7010b6ac4d0d22c72b55477c72609ca7d81815265e64bace03399c17b31f848e", "objectVersion": "1.2", "reporter": "Defa(defa@systemli.org)", "description": "## Vulnerability Description\nId Board contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the sql.cls.php script not properly sanitizing user-supplied input to the tbl_suff variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nId Board contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the sql.cls.php script not properly sanitizing user-supplied input to the tbl_suff variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Manual Testing Notes\nhttp://[target]/index.php?site=warn&f=1%20WHERE%200=1%20UNION%20SELECT%20mem_pw%20as%20post_topic_name%20FROM%20members%20WHERE%20mem_id=1/*&0&warn=0\n## References:\nVendor URL: http://www.id-team.com/\nSecurity Tracker: 1014438\n[Secunia Advisory ID:15976](https://secuniaresearch.flexerasoftware.com/advisories/15976/)\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-07/0169.html\n[CVE-2005-2197](https://vulners.com/cve/CVE-2005-2197)\n", "modified": "2005-07-10T10:15:20", "viewCount": 0, "published": "2005-07-10T10:15:20", "cvelist": ["CVE-2005-2197"], "hashmap": [{"key": "affectedSoftware", "hash": "05e679053b8b2e2e0e890532465e9272"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "5ccaec2acf06e1c8520532d9de9c4cec"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "8108a9951a219b8886f791ee843f474b"}, {"key": "href", "hash": "fb48198441d3b1005c4bdb950d09b58a"}, {"key": "modified", "hash": "aea583bf1be6d75eae5d7672fa906781"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "aea583bf1be6d75eae5d7672fa906781"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "e13e440b925cc48309cf0b7ce633ad63"}, {"key": "title", "hash": "7fb4aec17b494a3bf6c66132a4ec4c1a"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}]}

{"cve": [{"lastseen": "2017-04-18T15:51:19", "bulletinFamily": "NVD", "description": "SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows remote attackers to modify SQL queries, as demonstrated using the f parameter to index.php.", "modified": "2016-10-17T23:25:46", "published": "2005-07-11T00:00:00", "id": "CVE-2005-2197", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2197", "title": "CVE-2005-2197", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}