YABB 1.4.1 SE – ‘Reminder.php’ SQL Injection

YABB 1.4.1 SE – ‘Reminder.php’ SQL Injection

漏洞ID 1053685 漏洞类型
发布时间 2003-01-12 更新时间 2003-01-12
图片[1]-YABB 1.4.1 SE – ‘Reminder.php’ SQL Injection-安全小百科CVE编号 N/A
图片[2]-YABB 1.4.1 SE – ‘Reminder.php’ SQL Injection-安全小百科CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/22146
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/6591/info

It has been reported that a problem exists in the Reminder.php script distributed as part of YaBB SE. Due to insufficient sanitizing of input, it is possible for a remote user to inject arbitrary SQL into the database used by YaBB SE that could be used to reset or change the password of a user. 

http://www.example.com/yabbse/Reminder.php?searchtype=esearch&user=[yourusername]'%20or%20memberName='[otherusername]

相关推荐: Microsoft Windows File Locking DoS Vulnerability

Microsoft Windows File Locking DoS Vulnerability 漏洞ID 1102669 漏洞类型 Design Error 发布时间 2001-12-07 更新时间 2001-12-07 CVE编号 N/A CNNVD-ID…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享