Vulnerabilities > CVE-2007-1902 - SQL Injection vulnerability in Sonicbb 1.0

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
sonicbb
exploit available

Summary

Multiple SQL injection vulnerabilities in SonicBB 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) part and (2) by parameters to (a) search.php, or the (2) id parameter to (b) viewforum.php. Successful exploitation requires that "magic_quotes_gpc" is disabled.

Vulnerable Configurations

Part Description Count
Application
Sonicbb
1

Exploit-Db

descriptionSonicBB 1.0 Multiple SQL Injection Vulnerabilities. CVE-2007-1902. Webapps exploit for php platform
idEDB-ID:30035
last seen2016-02-03
modified2007-05-14
published2007-05-14
reporterJesper Jurcenoks
sourcehttps://www.exploit-db.com/download/30035/
titleSonicBB 1.0 - Multiple SQL Injection Vulnerabilities

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/56722/sbb-sql.txt
idPACKETSTORM:56722
last seen2016-12-05
published2007-05-15
reporterJesper Jurcenoks
sourcehttps://packetstormsecurity.com/files/56722/sbb-sql.txt.html
titlesbb-sql.txt