Vulnerabilities > CVE-2005-2028 - Unspecified vulnerability in Mercuryboard Message Board 1.1.4
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | MercuryBoard <= 1.1.4 SQL Injection Exploit. CVE-2005-2028. Webapps exploit for php platform |
id | EDB-ID:1058 |
last seen | 2016-01-31 |
modified | 2005-06-21 |
published | 2005-06-21 |
reporter | RusH |
source | https://www.exploit-db.com/download/1058/ |
title | MercuryBoard <= 1.1.4 - SQL Injection Exploit |
Nessus
NASL family | CGI abuses |
NASL id | MERCURYBOARD_USER_AGENT_SQL_INJECTION.NASL |
description | The remote host is running MercuryBoard, an open source bulletin board system that uses PHP and MySQL. The installed version of MercuryBoard fails to remove malicious data from a User-Agent header before using it in a database query, making it prone to SQL injection attacks. An authenticated attacker can exploit this flaw to modify database updates, possibly modifying data and launching attacks against the underlying database. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18541 |
published | 2005-06-21 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/18541 |
title | MercuryBoard User-Agent SQL Injection |
code |
|