Vulnerabilities > CVE-2005-2580 - SQL Injection vulnerability in Mybulletinboard 1.00Rc4Securitypatch
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 with Security Patch allow remote attackers to execute arbitrary SQL commands via the Username field in (1) index.php or (2) member.php, action parameter to (3) search.php or (4) member.php, or (5) polloptions parameter to polls.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description MyBulletinBoard RC4 search.php action Parameter SQL Injection. CVE-2005-2580 . Webapps exploit for php platform id EDB-ID:26150 last seen 2016-02-03 modified 2005-08-12 published 2005-08-12 reporter phuket source https://www.exploit-db.com/download/26150/ title MyBulletinBoard RC4 - search.php action Parameter SQL Injection description MyBulletinBoard RC4 polls.php polloptions Parameter SQL Injection. CVE-2005-2580 . Webapps exploit for php platform id EDB-ID:26149 last seen 2016-02-03 modified 2005-08-12 published 2005-08-12 reporter phuket source https://www.exploit-db.com/download/26149/ title MyBulletinBoard RC4 polls.php polloptions Parameter SQL Injection description MyBulletinBoard RC4 index.php Username Parameter SQL Injection. CVE-2005-2580. Webapps exploit for php platform id EDB-ID:26147 last seen 2016-02-03 modified 2005-08-12 published 2005-08-12 reporter phuket source https://www.exploit-db.com/download/26147/ title MyBulletinBoard RC4 index.php Username Parameter SQL Injection description MyBulletinBoard RC4 member.php Multiple Parameter SQL Injection. CVE-2005-2580. Webapps exploit for php platform id EDB-ID:26148 last seen 2016-02-03 modified 2005-08-12 published 2005-08-12 reporter phuket source https://www.exploit-db.com/download/26148/ title MyBulletinBoard RC4 member.php Multiple Parameter SQL Injection
Nessus
NASL family | CGI abuses |
NASL id | MYBB_FID_SQL_INJECTION.NASL |
description | The version of MyBB installed on the remote host is affected by multiple SQL injection vulnerabilities : - Multiple SQL injection vulnerabilities exist due to improper sanitization of user-supplied input passed via the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 19525 |
published | 2005-08-30 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/19525 |
title | MyBB <= 1.00 RC4 Multiple SQL Injection Vulnerabilities |
code |
|