CVE-2004-0323 - Unspecified vulnerability in XMB Forum XMB 1.8/1.8Sp1/1.8Sp2

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, low complexity, xmb-forum, exploit available

Summary

Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to inject arbitrary SQL and gain privileges via the (1) ppp parameter in viewthread.php, (2) desc parameter in misc.php, (3) tpp parameter in forumdisplay.php, (4) ascdesc parameter in forumdisplay.php, or (5) the addon parameter in stats.php. NOTE: it has also been shown that item (3) is also in XMB 1.9 beta.

Vulnerable Configurations

Part: Application
Description: Xmb_Forum
Count: 3

Exploit-Db

description: XMB Forum 1.8 forumdisplay.php Multiple Parameter SQL Injection. CVE-2004-0323. Webapps exploit for php platform
id: EDB-ID:23748
last seen: 2016-02-02
modified: 2004-02-23
published: 2004-02-23
reporter: Janek Vind
source: https://www.exploit-db.com/download/23748/
title: XMB Forum 1.8 forumdisplay.php Multiple Parameter SQL Injection

Statements

contributor:
lastmodified: 2008-12-11
organization: XMB
statement: XMB versions 1.9.8 SP2 and later were checked and are not vulnerable.