CVE-2008-5578

Properties

Published:
14.12.2008
Updated:
29.01.2009
Patch available:
Severity:
High
CVSS vector:
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Product:
scssboard: scssboard
scssboard: scssboard
scssboard: scssboard
scssboard: scssboard

Vulnerability description

Multiple SQL injection vulnerabilities in index.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allow remote attackers to execute arbitrary SQL commands via (1) the f parameter in a showforum action, (2) the u parameter in a profile action, (3) the viewcat parameter, or (4) a combination of scb_uid and scb_ident cookie values.

References:

BID: http://www.securityfocus.com/bid/27866
MILW0RM: http://www.milw0rm.com/exploits/5149
SREASON: http://securityreason.com/securityalert/4739