Vulnerabilities > CVE-2004-0323 - Unspecified vulnerability in XMB Forum XMB 1.8/1.8Sp1/1.8Sp2

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
xmb-forum
exploit available
NVD
Published: 2004-12-31
Updated: 2024-11-20

Summary

Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to inject arbitrary SQL and gain privileges via the (1) ppp parameter in viewthread.php, (2) desc parameter in misc.php, (3) tpp parameter in forumdisplay.php, (4) ascdesc parameter in forumdisplay.php, or (5) the addon parameter in stats.php. NOTE: it has also been shown that item (3) is also in XMB 1.9 beta.

Vulnerable Configurations

Part Description Count
Application
Xmb_Forum
3

Exploit-Db

descriptionXMB Forum 1.8 forumdisplay.php Multiple Parameter SQL Injection. CVE-2004-0323. Webapps exploit for php platform
idEDB-ID:23748
last seen2016-02-02
modified2004-02-23
published2004-02-23
reporterJanek Vind
sourcehttps://www.exploit-db.com/download/23748/
titleXMB Forum 1.8 forumdisplay.php Multiple Parameter SQL Injection

Statements

contributor
lastmodified2008-12-11
organizationXMB
statementXMB versions 1.9.8 SP2 and later were checked and are not vulnerable.

References