{"title": "Thwboard Beta 2.8 calendar.php year Parameter SQL Injection", "bulletinFamily": "exploit", "published": "2014-07-01T00:00:00", "lastseen": "2017-11-19T17:24:45", "modified": "2014-07-01T00:00:00", "reporter": "Root", "viewCount": 2, "sourceHref": "https://www.seebug.org/vuldb/ssvid-80379", "status": "cve,poc", "href": "https://www.seebug.org/vuldb/ssvid-80379", "description": "No description provided by source.", "type": "seebug", "enchantments_done": [], "references": [], "enchantments": {"score": {"value": 0.7, "vector": "NONE", "modified": "2017-11-19T17:24:45", "rev": 2}, "dependencies": {"references": [], "modified": "2017-11-19T17:24:45", "rev": 2}, "vulnersScore": 0.7}, "sourceData": "\n source: http://www.securityfocus.com/bid/15763/info\r\n\r\nThWboard is prone to multiple input validation vulnerabilities.\r\n\r\nThe application is vulnerable to HTML injection, cross-site scripting, and SQL injection; these issues are due to a lack of proper sanitization of user-supplied input.\r\n\r\nA remote attacker may inject SQL, HTML and script code resulting in theft of cookie-based authentication credentials, arbitrary script code execution, and the passing of malicious input to the underlying database application.\r\n\r\nVersion 3 beta 2.8 is vulnerable; other versions may be affected. \r\n\r\nhttp://www.example.com/thwb/calendar.php?month=12&year='[SQL]\r\n\n ", "cvss": {"vector": "NONE", "score": 0.0}, "cvelist": [], "id": "SSV:80379"}

{}