[VIM] WowBB - Partial Rediscovery of view_user.php/sort_by vector
Steven M. Christey
coley at mitre.org
Tue Dec 20 18:23:59 EST 2005
Re: MISC:http://pridels.blogspot.com/2005/11/wowbb-165-sql-vuln.html
view_user.php/sort_by vector was previously published in CVE-2004-2181
for an earlier version.
(Note that r0t mentions a previous disclosure)
- Steve
======================================================
Name: CVE-2004-2181
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2181
Reference: MISC:http://www.maxpatrol.com/advdetails.asp?id=7
Reference: BID:11429
Reference: URL:http://www.securityfocus.com/bid/11429
Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow
remote attackers to execute arbitrary SQL commands via the (1) sort_by
or (2) page parameters to view_user.php, or the (3) forum_id parameter
to view_topic.php.
More information about the VIM
mailing list