Vulnerabilities > CVE-2004-2062 - Input Validation vulnerability in AntiBoard
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to execute arbitrary SQL via the (1) thread_id, (2) parent_id, or (3) mode parameters.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 7 |
Exploit-Db
| description | AntiBoard 0.6/0.7 antiboard.php Multiple Parameter SQL Injection. CVE-2004-2062. Webapps exploit for php platform |
| id | EDB-ID:24329 |
| last seen | 2016-02-02 |
| modified | 2004-07-28 |
| published | 2004-07-28 |
| reporter | Josh Gilmour |
| source | https://www.exploit-db.com/download/24329/ |
| title | AntiBoard 0.6/0.7 antiboard.php Multiple Parameter SQL Injection |
Nessus
| NASL family | CGI abuses |
| NASL id | ANTIBOARD_SQL_INJECTION.NASL |
| description | The remote host appears to be running the AntiBoard bulletin board system. There are multiple SQL injection vulnerabilities in the remote software that may allow an attacker to execute arbitrary SQL commands on the remote host, and possibly bypass the authentication mechanisms of AntiBoard. Note, AntiBoard is also affected by a cross-site scripting vulnerability, however Nessus has not tested this. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 14187 |
| published | 2004-08-02 |
| reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/14187 |
| title | AntiBoard antiboard.php Multiple Parameter SQL Injection |