ttCMS 2.2/2.3 / ttForum 1.1 – ‘index.php’ Instant-Messages Preferences SQL Injection

Vulnerability ID: 1053876 Vulnerability type:
Published: 2003-05-20 Updated: 2003-05-20
CVE ID: N/A
CNNVD-ID: N/A
Platform: PHP CVSS score: N/A
|Source
https://www.exploit-db.com/exploits/22618
|Details
Vulnerability details have not yet been disclosed
|Exploit
source: http://www.securityfocus.com/bid/7634/info

A problem with ttCMS/ttForum could make it possible for a remote user to launch SQL injection attacks.

It has been reported that a problem exists in the Instant-Messages script distributed as part of the software. Due to insufficient sanitizing of input, it is possible for a remote user to inject arbitrary SQL into the database used by the web forums.

It should be noted that the current version of YaBB SE, the Forum that ttForum was derived from, is not affected by this vulnerability. 

http://www.example.org/board/index.php?action=imprefs

Go to the Ignorelist-Textfield and enter:

',memberGroup='Administrator
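
The following is an added example, not code from ttCMS/ttForum or from the original advisory: a Python/sqlite3 model of the flaw described above, in which the ignore-list value is concatenated into an UPDATE statement, shown next to the bound-parameter form. The table layout and the names `members`, `ID_MEMBER` and `im_ignore_list` are assumptions; only `memberGroup` and the field value come from the advisory.

```python
import sqlite3

# Field value quoted in the advisory.
FIELD_VALUE = "',memberGroup='Administrator"


def make_db():
    """Constructed one-row table; schema is hypothetical except memberGroup."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (ID_MEMBER INTEGER PRIMARY KEY, "
               "memberGroup TEXT, im_ignore_list TEXT)")
    db.execute("INSERT INTO members VALUES (1, '', '')")
    return db


def save_prefs_concatenated(db, member_id, ignore_list):
    """Flawed pattern: the form value is pasted inside a quoted SQL literal."""
    sql = ("UPDATE members SET im_ignore_list='" + ignore_list +
           "' WHERE ID_MEMBER=" + str(int(member_id)))
    db.execute(sql)
    return sql  # returned so the resulting statement can be inspected


def save_prefs_bound(db, member_id, ignore_list):
    """Corrected pattern: the value is bound as data, never parsed as SQL."""
    db.execute("UPDATE members SET im_ignore_list=? WHERE ID_MEMBER=?",
               (ignore_list, member_id))


def member_row(db, member_id):
    """Return (memberGroup, im_ignore_list) for one member."""
    return db.execute("SELECT memberGroup, im_ignore_list FROM members "
                      "WHERE ID_MEMBER=?", (member_id,)).fetchone()


def demo():
    """Apply the same field value through both save functions."""
    results = {}
    for name, save in (("concatenated", save_prefs_concatenated),
                       ("bound", save_prefs_bound)):
        db = make_db()
        save(db, 1, FIELD_VALUE)
        results[name] = member_row(db, 1)
    return results


if __name__ == "__main__":
    for name, row in demo().items():
        print(name, row)
```

With concatenation the quote in the field value closes the string literal, so the statement gains a second assignment and `memberGroup` is rewritten; with a bound parameter the same value is stored verbatim in the ignore list and `memberGroup` is left unchanged.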
