ID OSVDB:5661Type osvdbReporter Albert Puigsech Galicia(ripe@7a69ezine.org)Modified 2003-04-25T00:00:00
Description
Vulnerability Description
OpenBB contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the "UID" variable in the "member.php" script is not verified properly and will allow an attacker to inject or manipulate SQL queries.
Solution Description
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
Short Description
OpenBB contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the "UID" variable in the "member.php" script is not verified properly and will allow an attacker to inject or manipulate SQL queries.
Manual Testing Notes
http://[victim]/member.php?action=profile&UID=1[SQL Query]
References:
Vendor URL: http://www.openbb.com
Related OSVDB ID: 3342
Related OSVDB ID: 5659
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-04/0325.html
ISS X-Force ID: 11884
Bugtraq ID: 7405
{"title": "OpenBB member.php UID Variable SQL Injection", "published": "2003-04-25T00:00:00", "references": [], "type": "osvdb", "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "cvelist": [], "viewCount": 0, "affectedSoftware": [{"version": "1.0.6", "name": "Open Bulletin Board", "operator": "eq"}, {"version": "1.0.2", "name": "Open Bulletin Board", "operator": "eq"}, {"version": "1.0.5", "name": "Open Bulletin Board", "operator": "eq"}, {"version": "1.0.3", "name": "Open Bulletin Board", "operator": "eq"}, {"version": "1.0.4", "name": "Open Bulletin Board", "operator": "eq"}, {"version": "1.0.1", "name": "Open Bulletin Board", "operator": "eq"}], "hash": "91117c262fe9e48c4bed27ba0c3783ff22d623221b3e8351c1e7538187a34d68", "id": "OSVDB:5661", "modified": "2003-04-25T00:00:00", "history": [], "href": "https://vulners.com/osvdb/OSVDB:5661", "hashmap": [{"hash": "29cdd50e023d7dc709ac1b5c9e298ce2", "key": "affectedSoftware"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "cfb4e4b49061f05eba1abf8343862fa4", "key": "description"}, {"hash": "f24f29ef29b50c4f613c4f7dcc2672c5", "key": "href"}, {"hash": "ea2da374c79f0a2b665d7a67653a44c2", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "ea2da374c79f0a2b665d7a67653a44c2", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "8b1ab2cc0bc8a6d47c3c354e9e4b55e0", "key": "reporter"}, {"hash": "2d738e4f8c3ab6ce4066431c6041624b", "key": "title"}, {"hash": "1327ac71f7914948578f08c54f772b10", "key": "type"}], "objectVersion": "1.2", "edition": 1, "description": "## Vulnerability Description\nOpenBB contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the \"UID\" variable in the \"member.php\" script is not verified properly and will allow an attacker to inject or manipulate SQL queries.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nOpenBB contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the \"UID\" variable in the \"member.php\" script is not verified properly and will allow an attacker to inject or manipulate SQL queries.\n## Manual Testing Notes\nhttp://[victim]/member.php?action=profile&UID=1[SQL Query]\n## References:\nVendor URL: http://www.openbb.com\n[Related OSVDB ID: 3342](https://vulners.com/osvdb/OSVDB:3342)\n[Related OSVDB ID: 5659](https://vulners.com/osvdb/OSVDB:5659)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-04/0325.html\nISS X-Force ID: 11884\nBugtraq ID: 7405\n", "bulletinFamily": "software", "reporter": "Albert Puigsech Galicia(ripe@7a69ezine.org)", "cvss": {"vector": "NONE", "score": 0.0}, "lastseen": "2017-04-28T13:20:00"}
{}
