Sql injection

2013-01-1204:33:00

PRIOn knowledge base

www.prio-n.com

9.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.4%

JSON

Multiple SQL injection vulnerabilities in the (1) update_whosonline_reg and (2) update_whosonline_guest functions in Elite Bulletin Board before 2.1.22 allow remote attackers to execute arbitrary SQL commands via the PATH_INFO to (a) checkuser.php, (b) groups.php, © index.php, (d) login.php, (e) quicklogin.php, (f) register.php, (g) Search.php, (h) viewboard.php, or (i) viewtopic.php.

CPENameOperatorVersion
elite_bulletin_boardeq2.1.12
elite_bulletin_boardeq2.1.15
elite_bulletin_boardle2.1.21
elite_bulletin_boardeq2.1.4
elite_bulletin_boardeq2.1.11
elite_bulletin_boardeq2.0.0
elite_bulletin_boardeq2.0.2
elite_bulletin_boardeq2.0.1
elite_bulletin_boardeq2.1.8
elite_bulletin_boardeq2.1.2

Name	Operator	Version
elite_bulletin_board	eq	2.1.12
elite_bulletin_board	eq	2.1.15
elite_bulletin_board	le	2.1.21
elite_bulletin_board	eq	2.1.4
elite_bulletin_board	eq	2.1.11
elite_bulletin_board	eq	2.0.0
elite_bulletin_board	eq	2.0.2
elite_bulletin_board	eq	2.0.1
elite_bulletin_board	eq	2.1.8
elite_bulletin_board	eq	2.1.2