ID OSVDB:3860 Type osvdb Reporter Andrew Ziem(ahziem1@mailbolt.com) Modified 2003-10-06T06:58:45
Description
Vulnerability Description
PHP Prayer Board contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that an unknown variable in the prayerboard.php script is not verified properly and will allow an attacker to inject or manipulate SQL queries.
Solution Description
Upgrade to version 0.52 or higher, as it has been reported to fix this
vulnerability. An upgrade is required as there are no known workarounds.
Short Description
PHP Prayer Board contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that an unknown variable in the prayerboard.php script is not verified properly and will allow an attacker to inject or manipulate SQL queries.
{"type": "osvdb", "published": "2003-10-06T06:58:45", "href": "https://vulners.com/osvdb/OSVDB:3860", "hashmap": [{"key": "affectedSoftware", "hash": "5ffc23c2c973aa4c005693bfd45d1b70"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "b107b00b08afc832ef9dd19b0ee89e5e"}, {"key": "href", "hash": "bbbffb727c0883bc50d0e828d3092567"}, {"key": "modified", "hash": "b582a92a6666b307cb4878af739e8b7a"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "b582a92a6666b307cb4878af739e8b7a"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "642869dcadb4aca4c6cbd54723473081"}, {"key": "title", "hash": "7170b656d5d5813d67e7c760ff7b70f3"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "bulletinFamily": "software", "cvss": {"vector": "NONE", "score": 0.0}, "viewCount": 0, "history": [], "edition": 1, "objectVersion": "1.2", "reporter": "Andrew Ziem(ahziem1@mailbolt.com)", "title": "PHP Prayer Board prayerboard.php SQL Injection", "affectedSoftware": [{"operator": "eq", "version": "0.51", "name": "PHP Prayer Board"}], "enchantments": {"score": {"vector": "NONE", "value": 7.5}, "vulnersScore": 7.5}, "references": [], "id": "OSVDB:3860", "hash": "0e488592f58fe4ca88c32dde3d4225eda621320d589c56fc3c8106af201c8e0f", "lastseen": "2017-04-28T13:19:58", "cvelist": [], "modified": "2003-10-06T06:58:45", "description": "## Vulnerability Description\nPHP Prayer Board contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that an unknown variable in the prayerboard.php script is not verified properly and will allow an attacker to inject or manipulate SQL queries.\n## Solution Description\nUpgrade to version 0.52 or higher, as it has been reported to fix this \nvulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nPHP Prayer Board contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that an unknown variable in the prayerboard.php script is not verified properly and will allow an attacker to inject or manipulate SQL queries.\n## References:\nVendor URL: http://phpprayerboard.sourceforge.net/\n[Vendor Specific Advisory URL](http://sourceforge.net/project/shownotes.php?release_id=188861)\n[Secunia Advisory ID:9939](https://secuniaresearch.flexerasoftware.com/advisories/9939/)\n[Related OSVDB ID: 3865](https://vulners.com/osvdb/OSVDB:3865)\nISS X-Force ID: 13497\nBugtraq ID: 8774\n"}
