Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter to (a) accounts.php, (b) changep.php, (c) editac.php, (d) feedback.php, (e) fpass.php, (f) login.php, (g) post.php, (h) reply.php, or (i) reply_log.php; (2) p parameter to (j) dpost.php; (3) c parameter to (k) list.php or (l) ndis.php; or (12) q parameter to (m) search.php.
| Version | Base score | Base severity | Vector |
|---|
| Hyperlink | Resource Type |
|---|
Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter to (a) accounts.php, (b) changep.php, (c) editac.php, (d) feedback.php, (e) fpass.php, (f) login.php, (g) post.php, (h) reply.php, or (i) reply_log.php; (2) p parameter to (j) dpost.php; (3) c parameter to (k) list.php or (l) ndis.php; or (12) q parameter to (m) search.php.
| Type | CWE ID | Description |
|---|---|---|
| text | N/A | n/a |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| http://www.osvdb.org/24348 | vdb-entry x_refsource_OSVDB x_transferred |
| http://www.osvdb.org/24351 | vdb-entry x_refsource_OSVDB x_transferred |
| http://www.osvdb.org/24345 | vdb-entry x_refsource_OSVDB x_transferred |
| http://www.osvdb.org/24346 | vdb-entry x_refsource_OSVDB x_transferred |
| http://secunia.com/advisories/19486 | third-party-advisory x_refsource_SECUNIA x_transferred |
| http://www.osvdb.org/24343 | vdb-entry x_refsource_OSVDB x_transferred |
| http://www.securityfocus.com/archive/1/431064/100/0/threaded | mailing-list x_refsource_BUGTRAQ x_transferred |
| http://www.osvdb.org/24342 | vdb-entry x_refsource_OSVDB x_transferred |
| http://www.osvdb.org/24349 | vdb-entry x_refsource_OSVDB x_transferred |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/25587 | vdb-entry x_refsource_XF x_transferred |
| http://www.osvdb.org/24352 | vdb-entry x_refsource_OSVDB x_transferred |
| http://evuln.com/vulns/117/summary.html | x_refsource_MISC x_transferred |
| http://www.vupen.com/english/advisories/2006/1197 | vdb-entry x_refsource_VUPEN x_transferred |
| http://www.osvdb.org/24347 | vdb-entry x_refsource_OSVDB x_transferred |
| http://www.osvdb.org/24350 | vdb-entry x_refsource_OSVDB x_transferred |
| http://www.osvdb.org/24341 | vdb-entry x_refsource_OSVDB x_transferred |
| http://www.securityfocus.com/bid/17352 | vdb-entry x_refsource_BID x_transferred |
| http://www.osvdb.org/24340 | vdb-entry x_refsource_OSVDB x_transferred |
| http://www.osvdb.org/24344 | vdb-entry x_refsource_OSVDB x_transferred |
Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter to (a) accounts.php, (b) changep.php, (c) editac.php, (d) feedback.php, (e) fpass.php, (f) login.php, (g) post.php, (h) reply.php, or (i) reply_log.php; (2) p parameter to (j) dpost.php; (3) c parameter to (k) list.php or (l) ndis.php; or (12) q parameter to (m) search.php.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 5.1 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P |
| CWE ID | Type | Source |
|---|---|---|
| NVD-CWE-Other | Primary | nvd@nist.gov |
Successful exploitation requires "magic_quotes_gpc" to be disabled.
Multiple cross-site scripting (XSS) vulnerabilities in visview.php in aWebNews 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) yname, (2) emailadd, (3) subject, and (4) comment parameters.