ID OSVDB:19407 Type osvdb Reporter abducter(abducter_minds@yahoo.com) Modified 2005-09-15T06:06:35
Description
Vulnerability Description
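DeluxeBB contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'pm.php' script not properly sanitizing user-supplied input to the 'uid' variable before it is used in an SQL query. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. The Nessus plugin text bundled with this record adds a precondition: the issues are exploitable provided PHP's 'magic_quotes_gpc' setting is disabled.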
Solution Description
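Currently, there are no known upgrades, patches, or workarounds available to correct this issue. The related records bundled with this entry do not agree on remediation: the Nessus plugin advises upgrading to DeluxeBB 1.05 or later, while this entry's affected-software list and the CVE-2005-2989 record both list 1.05 as affected, and the OpenVAS check is marked 'WillNotFix'. An upgrade to 1.05 should therefore not be treated as a confirmed fix; the OpenVAS text lists the general options as upgrading to a newer release, disabling the affected features, or removing or replacing the product.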
Short Description
DeluxeBB contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'pm.php' script not properly sanitizing user-supplied input to the 'uid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.
{"edition": 1, "title": "DeluxeBB pm.php uid Variable SQL Injection", "bulletinFamily": "software", "published": "2005-09-15T06:06:35", "lastseen": "2017-04-28T13:20:15", "modified": "2005-09-15T06:06:35", "reporter": "abducter(abducter_minds@yahoo.com)", "viewCount": 2, "href": "https://vulners.com/osvdb/OSVDB:19407", "description": "## Vulnerability Description\nDeluxeBB contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'pm.php' script not properly sanitizing user-supplied input to the 'uid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nDeluxeBB contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'pm.php' script not properly sanitizing user-supplied input to the 'uid' variable. 
This may allow a remote attacker to inject or manipulate SQL queries in the backend database.\n## Manual Testing Notes\nhttp://[target]/pm.php?sub=newpm&uid=[code]\n## References:\nVendor URL: http://www.deluxebb.com/\n[Secunia Advisory ID:16819](https://secuniaresearch.flexerasoftware.com/advisories/16819/)\n[Related OSVDB ID: 19405](https://vulners.com/osvdb/OSVDB:19405)\n[Related OSVDB ID: 19408](https://vulners.com/osvdb/OSVDB:19408)\n[Related OSVDB ID: 19404](https://vulners.com/osvdb/OSVDB:19404)\n[Related OSVDB ID: 19406](https://vulners.com/osvdb/OSVDB:19406)\nISS X-Force ID: 22273\n[CVE-2005-2989](https://vulners.com/cve/CVE-2005-2989)\nBugtraq ID: 14851\n", "affectedSoftware": [{"name": "DeluxeBB", "version": "1.0", "operator": "eq"}, {"name": "DeluxeBB", "version": "1.05", "operator": "eq"}], "type": "osvdb", "references": [], "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2017-04-28T13:20:15", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-2989"]}, {"type": "osvdb", "idList": ["OSVDB:19406", "OSVDB:19405", "OSVDB:19408", "OSVDB:19404"]}, {"type": "exploitdb", "idList": ["EDB-ID:26267", "EDB-ID:26264", "EDB-ID:26266"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231019750"]}, {"type": "nessus", "idList": ["DELUXEBB_SQL_INJECTION.NASL"]}], "modified": "2017-04-28T13:20:15", "rev": 2}, "vulnersScore": 7.5}, "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "cvelist": ["CVE-2005-2989"], "id": "OSVDB:19407", "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T05:24:38", "description": "Multiple SQL injection vulnerabilities in DeluxeBB 1.0 and 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter to topic.php, the uid parameter to (2) misc.php or (3) pm.php, or the fid parameter to (3) forums.php or (4) newpost.php.", "edition": 4, "cvss3": {}, "published": "2005-09-20T00:03:00", "title": "CVE-2005-2989", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2989"], "modified": "2011-03-08T02:25:00", "cpe": ["cpe:/a:deluxebb:deluxebb:1.0", "cpe:/a:deluxebb:deluxebb:1.05"], "id": "CVE-2005-2989", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2989", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:deluxebb:deluxebb:1.05:*:*:*:*:*:*:*", "cpe:2.3:a:deluxebb:deluxebb:1.0:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:15", "bulletinFamily": "software", "cvelist": ["CVE-2005-2989"], "edition": 1, "description": "## Vulnerability Description\nDeluxeBB contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'topic.php' script not properly sanitizing user-supplied input to the 'tid' variable. 
This may allow a remote attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nDeluxeBB contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'topic.php' script not properly sanitizing user-supplied input to the 'tid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.\n## Manual Testing Notes\nhttp://[target]/topic.php?tid=[code]\n## References:\nVendor URL: http://www.deluxebb.com/\n[Secunia Advisory ID:16819](https://secuniaresearch.flexerasoftware.com/advisories/16819/)\n[Related OSVDB ID: 19405](https://vulners.com/osvdb/OSVDB:19405)\n[Related OSVDB ID: 19407](https://vulners.com/osvdb/OSVDB:19407)\n[Related OSVDB ID: 19408](https://vulners.com/osvdb/OSVDB:19408)\n[Related OSVDB ID: 19406](https://vulners.com/osvdb/OSVDB:19406)\nISS X-Force ID: 22273\n[CVE-2005-2989](https://vulners.com/cve/CVE-2005-2989)\nBugtraq ID: 14851\n", "modified": "2005-09-15T06:06:35", "published": "2005-09-15T06:06:35", "href": "https://vulners.com/osvdb/OSVDB:19404", "id": "OSVDB:19404", "title": "DeluxeBB topic.php tid Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:15", "bulletinFamily": "software", "cvelist": ["CVE-2005-2989"], "edition": 1, "description": "## Vulnerability Description\nDeluxeBB contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'misc.php' script not properly sanitizing user-supplied input to the 'uid' variable. 
This may allow a remote attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nDeluxeBB contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'misc.php' script not properly sanitizing user-supplied input to the 'uid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.\n## Manual Testing Notes\nhttp://[target]/misc.php?sub=profile&uid=[code]\n## References:\nVendor URL: http://www.deluxebb.com/\n[Secunia Advisory ID:16819](https://secuniaresearch.flexerasoftware.com/advisories/16819/)\n[Related OSVDB ID: 19407](https://vulners.com/osvdb/OSVDB:19407)\n[Related OSVDB ID: 19408](https://vulners.com/osvdb/OSVDB:19408)\n[Related OSVDB ID: 19404](https://vulners.com/osvdb/OSVDB:19404)\n[Related OSVDB ID: 19406](https://vulners.com/osvdb/OSVDB:19406)\nISS X-Force ID: 22273\n[CVE-2005-2989](https://vulners.com/cve/CVE-2005-2989)\nBugtraq ID: 14851\n", "modified": "2005-09-15T06:06:35", "published": "2005-09-15T06:06:35", "href": "https://vulners.com/osvdb/OSVDB:19405", "id": "OSVDB:19405", "title": "DeluxeBB misc.php uid Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:15", "bulletinFamily": "software", "cvelist": ["CVE-2005-2989"], "edition": 1, "description": "## Vulnerability Description\nDeluxeBB contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'forums.php' script not properly sanitizing user-supplied input to the 'fid' variable. 
This may allow a remote attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nDeluxeBB contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'forums.php' script not properly sanitizing user-supplied input to the 'fid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.\n## Manual Testing Notes\nhttp://[target]/forums.php?fid=[code]\n## References:\nVendor URL: http://www.deluxebb.com/\n[Secunia Advisory ID:16819](https://secuniaresearch.flexerasoftware.com/advisories/16819/)\n[Related OSVDB ID: 19405](https://vulners.com/osvdb/OSVDB:19405)\n[Related OSVDB ID: 19407](https://vulners.com/osvdb/OSVDB:19407)\n[Related OSVDB ID: 19408](https://vulners.com/osvdb/OSVDB:19408)\n[Related OSVDB ID: 19404](https://vulners.com/osvdb/OSVDB:19404)\nISS X-Force ID: 22273\n[CVE-2005-2989](https://vulners.com/cve/CVE-2005-2989)\nBugtraq ID: 14851\n", "modified": "2005-09-15T06:06:35", "published": "2005-09-15T06:06:35", "href": "https://vulners.com/osvdb/OSVDB:19406", "id": "OSVDB:19406", "title": "DeluxeBB forums.php fid Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:15", "bulletinFamily": "software", "cvelist": ["CVE-2005-2989"], "edition": 1, "description": "## Vulnerability Description\nDeluxeBB contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'newpost.php' script not properly sanitizing user-supplied input to the 'fid' variable. 
This may allow a remote attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nDeluxeBB contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'newpost.php' script not properly sanitizing user-supplied input to the 'fid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.\n## Manual Testing Notes\nhttp://[target]/newpost.php?sub=newthread&fid=[code]\n## References:\nVendor URL: http://www.deluxebb.com/\n[Secunia Advisory ID:16819](https://secuniaresearch.flexerasoftware.com/advisories/16819/)\n[Related OSVDB ID: 19405](https://vulners.com/osvdb/OSVDB:19405)\n[Related OSVDB ID: 19407](https://vulners.com/osvdb/OSVDB:19407)\n[Related OSVDB ID: 19404](https://vulners.com/osvdb/OSVDB:19404)\n[Related OSVDB ID: 19406](https://vulners.com/osvdb/OSVDB:19406)\nISS X-Force ID: 22273\n[CVE-2005-2989](https://vulners.com/cve/CVE-2005-2989)\nBugtraq ID: 14851\n", "modified": "2005-09-15T06:06:35", "published": "2005-09-15T06:06:35", "href": "https://vulners.com/osvdb/OSVDB:19408", "id": "OSVDB:19408", "title": "DeluxeBB newpost.php fid Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2020-05-12T15:08:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2989"], "description": "The remote host is using DeluxeBB, a web application forum written in PHP.\n\n Multiple vulnerabilities exist in this version which may allow an attacker to execute arbitrary SQL queries\n against the database.", "modified": "2020-05-08T00:00:00", "published": "2006-03-26T00:00:00", "id": "OPENVAS:136141256231019750", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231019750", "type": "openvas", "title": "DeluxeBB 
Multiple SQL injection flaws", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# DeluxeBB Multiple SQL injection flaws\n#\n# Authors:\n# David Maciejak <david dot maciejak at kyxar dot fr>\n#\n# Copyright:\n# Copyright (C) 2005 David Maciejak\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:deluxebb:deluxebb\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.19750\");\n script_version(\"2020-05-08T08:34:44+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-08 08:34:44 +0000 (Fri, 08 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2006-03-26 17:55:15 +0200 (Sun, 26 Mar 2006)\");\n script_cve_id(\"CVE-2005-2989\");\n script_bugtraq_id(14851);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"DeluxeBB Multiple SQL injection flaws\");\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2005 David Maciejak\");\n script_family(\"Web application abuses\");\n script_dependencies(\"deluxeBB_detect.nasl\");\n script_mandatory_keys(\"deluxebb/installed\");\n\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year since the 
disclosure\n of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer\n release, disable respective features, remove the product or replace the product by another one.\");\n\n script_tag(name:\"summary\", value:\"The remote host is using DeluxeBB, a web application forum written in PHP.\n\n Multiple vulnerabilities exist in this version which may allow an attacker to execute arbitrary SQL queries\n against the database.\");\n\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n script_tag(name:\"qod_type\", value:\"remote_app\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!dir = get_app_location(cpe: CPE, port: port))\n exit(0);\nif (dir == \"/\")\n dir = \"\";\n\nurl = dir + \"/topic.php?tid='select\";\n\nif (http_vuln_check(port: port, url: url, pattern: \"Error querying the database\",\n extra_check: \"DeluxeBB tried to execute: SELECT\" )) {\n report = http_report_vuln_url(port: port, url: url);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2016-02-03T03:12:49", "description": "DeluxeBB 1.0 forums.php fid Parameter SQL Injection. CVE-2005-2989. Webapps exploit for php platform", "published": "2005-09-15T00:00:00", "type": "exploitdb", "title": "DeluxeBB 1.0 forums.php fid Parameter SQL Injection", "bulletinFamily": "exploit", "cvelist": ["CVE-2005-2989"], "modified": "2005-09-15T00:00:00", "id": "EDB-ID:26266", "href": "https://www.exploit-db.com/exploits/26266/", "sourceData": "source: http://www.securityfocus.com/bid/14851/info\r\n \r\nDeluxeBB is prone to multiple SQL injection vulnerabilities. 
These are due to a lack of proper sanitization of user-supplied input before being sent to SQL queries.\r\n \r\nSuccessful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. \r\n\r\nhttp://www.example.com/forums.php?fid=[code]", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/26266/"}, {"lastseen": "2016-02-03T03:12:57", "description": "DeluxeBB 1.0 pm.php uid Parameter SQL Injection. CVE-2005-2989. Webapps exploit for php platform", "published": "2005-09-15T00:00:00", "type": "exploitdb", "title": "DeluxeBB 1.0 pm.php uid Parameter SQL Injection", "bulletinFamily": "exploit", "cvelist": ["CVE-2005-2989"], "modified": "2005-09-15T00:00:00", "id": "EDB-ID:26267", "href": "https://www.exploit-db.com/exploits/26267/", "sourceData": "source: http://www.securityfocus.com/bid/14851/info\r\n \r\nDeluxeBB is prone to multiple SQL injection vulnerabilities. These are due to a lack of proper sanitization of user-supplied input before being sent to SQL queries.\r\n \r\nSuccessful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. \r\n\r\nhttp://www.example.com/pm.php?sub=newpm&uid=[code]", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/26267/"}, {"lastseen": "2016-02-03T03:12:31", "description": "DeluxeBB 1.0 topic.php tid Parameter SQL Injection. CVE-2005-2989. 
Webapps exploit for php platform", "published": "2005-09-15T00:00:00", "type": "exploitdb", "title": "DeluxeBB 1.0 topic.php tid Parameter SQL Injection", "bulletinFamily": "exploit", "cvelist": ["CVE-2005-2989"], "modified": "2005-09-15T00:00:00", "id": "EDB-ID:26264", "href": "https://www.exploit-db.com/exploits/26264/", "sourceData": "source: http://www.securityfocus.com/bid/14851/info\r\n\r\nDeluxeBB is prone to multiple SQL injection vulnerabilities. These are due to a lack of proper sanitization of user-supplied input before being sent to SQL queries.\r\n\r\nSuccessful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. \r\n\r\nhttp://www.example.com/topic.php?tid=[code]", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/26264/"}], "nessus": [{"lastseen": "2021-01-20T10:03:32", "description": "The remote host is using DeluxeBB, a web application forum written in\nPHP. \n\nThe installed version of this software fails to sanitize input to\nseveral parameters and scripts before using it to generate SQL\nqueries. 
Provided PHP's 'magic_quotes_gpc' setting is disabled, an\nattacker may be able to leverage these issues to manipulate database\nqueries.", "edition": 18, "published": "2005-09-19T00:00:00", "title": "DeluxeBB Multiple Scripts SQL Injection", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2989"], "modified": "2005-09-19T00:00:00", "cpe": [], "id": "DELUXEBB_SQL_INJECTION.NASL", "href": "https://www.tenable.com/plugins/nessus/19750", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19750);\n script_version(\"1.20\");\n\n script_cve_id(\"CVE-2005-2989\");\n script_bugtraq_id(14851);\n script_xref(name:\"Secunia\", value:\"16819\");\n \n script_name(english:\"DeluxeBB Multiple Scripts SQL Injection\");\n script_summary(english:\"Checks DeluxeBB version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a PHP application that is affected by\nmultiple SQL injection flaws.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is using DeluxeBB, a web application forum written in\nPHP. \n\nThe installed version of this software fails to sanitize input to\nseveral parameters and scripts before using it to generate SQL\nqueries. 
Provided PHP's 'magic_quotes_gpc' setting is disabled, an\nattacker may be able to leverage these issues to manipulate database\nqueries.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to DeluxeBB version 1.05 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:U/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\n\"2005/09/19\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/09/15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"CGI abuses\");\n script_dependencie(\"http_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_keys(\"www/PHP\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port(default:80, embedded:TRUE);\nif ( ! 
can_host_php(port:port) ) exit(0);\n\nfunction check(loc, port)\n{\n local_var r, req;\n\n req = http_get(item:string(loc, \"/topic.php?tid='select\"), port:port);\n r = http_keepalive_send_recv(port:port, data:req, bodyonly:1);\n if(isnull(r))exit(0);\n if ((\"Error querying the database\" >< r) && (\"DeluxeBB tried to execute: SELECT\" >< r))\n {\n security_hole(port);\n set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);\n exit(0);\n }\n}\n\nforeach dir (cgi_dirs())\n{\n check(loc:dir, port:port);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}