CVE-2011-5137

Multiple SQL injection vulnerabilities in tForum b0.915 allow remote attackers to execute arbitrary SQL commands via the (1) TopicID parameter to viewtopic.php, the (2) BoardID parameter to viewboard.php, or (3) CatID parameter to viewcat.php.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://packetstormsecurity.org/files/view/108184/tforum-sqlxss.txt	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/71975
http://packetstormsecurity.org/files/view/108184/tforum-sqlxss.txt	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/71975

Configurations

Configuration 1 (hide)

cpe:2.3:a:tforum:tforum:b0.915:*:*:*:*:*:*:*

History

21 Nov 2024, 01:33

Type	Values Removed	Values Added
References	~~() http://packetstormsecurity.org/files/view/108184/tforum-sqlxss.txt - Exploit~~	() http://packetstormsecurity.org/files/view/108184/tforum-sqlxss.txt - Exploit
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/71975 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/71975 -

Information

Published : 2012-08-31 21:55

Updated : 2024-11-21 01:33

NVD link : CVE-2011-5137

Mitre link : CVE-2011-5137

CVE.ORG link : CVE-2011-5137

JSON object : View

Products Affected

tforum

tforum

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

7.5 /10