Vulnerabilities > CVE-2004-2456 - Remote SQL Injection vulnerability in MiniBB

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

minibb

nessus

exploit available

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

SQL injection vulnerability in index.php in miniBB 1.7f and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a userinfo action.

Vulnerable Configurations

Part	Description	Count
Application	Minibb Minibb Minibb 1.2 Minibb Minibb 1.5 Minibb Minibb 1.6 Minibb Minibb 1.7 Minibb Minibb 1.7A Minibb Minibb 1.7C	6

Exploit-Db

description	miniBB - Input Validation Hole ('user'). CVE-2004-2456. Webapps exploit for php platform
id	EDB-ID:635
last seen	2016-01-31
modified	2004-11-16
published	2004-11-16
reporter	N/A
source	https://www.exploit-db.com/download/635/
title	miniBB - Input Validation Hole 'user'

Nessus

NASL family	CGI abuses
NASL id	MINIBB_SQL.NASL
description	The remote host is using the miniBB forum management system. According to its version number, this forum is vulnerable to a SQL injection attack. Input to the
last seen	2020-06-01
modified	2020-06-02
plugin id	15763
published	2004-11-19
reporter	This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15763
title	miniBB index.php user Parameter SQL Injection
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(15763); script_version ("1.17"); script_cve_id("CVE-2004-2456"); script_bugtraq_id(11688); script_name(english:"miniBB index.php user Parameter SQL Injection"); script_summary(english:"Determine if MiniBB can be used to execute arbitrary SQL commands"); script_set_attribute( attribute:"synopsis", value: "A web application on the remote host has a SQL injection vulnerability." ); script_set_attribute( attribute:"description", value: "The remote host is using the miniBB forum management system. According to its version number, this forum is vulnerable to a SQL injection attack. Input to the 'user' parameter of index.php not properly sanitized. A remote attacker could exploit this to execute arbitrary SQL queries against the remote database." ); script_set_attribute( attribute:"solution", value:"Upgrade to miniBB 1.7f or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value: "2004/11/19"); script_set_attribute(attribute:"vuln_publication_date", value: "2004/10/28"); script_cvs_date("Date: 2018/06/13 18:56:28"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc."); script_dependencie("minibb_xss.nasl"); script_require_ports("Services/www", 80); exit(0); } include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); port = get_http_port(default:80); kb = get_kb_item("www/" + port + "/minibb"); if ( ! kb ) exit(0); matches = eregmatch(string:kb, pattern:"^(.+) under (.*)$"); if ( ereg(pattern:"^(0\.\|1\.[0-6][^0-9]\|7([a-e]\|$))", string:matches[1]) ) { security_hole(port); set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE); }

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References