ByteOS Network

NVD Vulnerability Details :

CVE-2004-2754

Deferred

Source-cve@mitre.org

Published At-31 Dec, 2004 | 05:00

Updated At-03 Apr, 2025 | 01:03

SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

Weaknesses

CWE ID	Type	Source
CWE-89	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://securityreason.com/securityalert/3371	cve@mitre.org	N/A
http://sourceforge.net/project/shownotes.php?release_id=210608&group_id=57105	cve@mitre.org	Patch
http://www.osvdb.org/3618	cve@mitre.org	N/A
http://www.securityfocus.com/archive/1/350244	cve@mitre.org	Exploit
http://www.securityfocus.com/bid/9449	cve@mitre.org	Patch
http://www.securitytracker.com/id?1008764	cve@mitre.org	N/A
http://www.yabbse.org/community/index.php?thread=27122	cve@mitre.org	N/A
http://securityreason.com/securityalert/3371	af854a3a-2127-422b-91ae-364da2661108	N/A
http://sourceforge.net/project/shownotes.php?release_id=210608&group_id=57105	af854a3a-2127-422b-91ae-364da2661108	Patch
http://www.osvdb.org/3618	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/archive/1/350244	af854a3a-2127-422b-91ae-364da2661108	Exploit
http://www.securityfocus.com/bid/9449	af854a3a-2127-422b-91ae-364da2661108	Patch
http://www.securitytracker.com/id?1008764	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.yabbse.org/community/index.php?thread=27122	af854a3a-2127-422b-91ae-364da2661108	N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History