Vulnerabilities > CVE-2004-1966 - Input Validation vulnerability in OpenBB
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter in board.php, (2) sortorder, perpage, or id parameters in member.php, (3) forums parameter in search.php, or (4) PID or FID parameters in post.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 7 |
Exploit-Db
description OpenBB 1.0.x post.php Multiple Parameter SQL Injection. CVE-2004-1966. Webapps exploit for php platform id EDB-ID:24059 last seen 2016-02-02 modified 2004-04-26 published 2004-04-26 reporter JeiAr source https://www.exploit-db.com/download/24059/ title OpenBB 1.0.x post.php Multiple Parameter SQL Injection description OpenBB 1.0.x member.php Multiple Parameter SQL Injection. CVE-2004-1966. Webapps exploit for php platform id EDB-ID:24057 last seen 2016-02-02 modified 2004-04-26 published 2004-04-26 reporter JeiAr source https://www.exploit-db.com/download/24057/ title OpenBB 1.0.x member.php Multiple Parameter SQL Injection description OpenBB 1.0.x search.php q Parameter SQL Injection. CVE-2004-1966. Webapps exploit for php platform id EDB-ID:24058 last seen 2016-02-02 modified 2004-04-26 published 2004-04-26 reporter JeiAr source https://www.exploit-db.com/download/24058/ title OpenBB 1.0.x search.php q Parameter SQL Injection description OpenBB 1.0.x board.php FID Parameter SQL Injection. CVE-2004-1966. Webapps exploit for php platform id EDB-ID:24056 last seen 2016-02-02 modified 2004-04-26 published 2004-04-26 reporter JeiAr source https://www.exploit-db.com/download/24056/ title OpenBB 1.0.x board.php FID Parameter SQL Injection