UseBB Member List Search SQL Injection

2006-05-20T08:47:37
ID OSVDB:25685
Type osvdb
Reporter OSVDB
Modified 2006-05-20T08:47:37

Description

Vulnerability Description

UseBB contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the member list search not properly sanitizing user-supplied input to an unspecified variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Solution Description

Upgrade to version 1.0 RC2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.usebb.net/
Vendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?group_id=93103&release_id=418462
Secunia Advisory ID: 20187
Related OSVDB ID: 25684
FrSIRT Advisory: ADV-2006-1900
CVE-2006-2525