PT-2008-4429 · Gbx · Gravity Board X

Publicado

2008-07-03

Atualizado

2017-09-29

CVE-2008-2996

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Gravity Board X (GBX) version 2.0 Beta

Description The issue allows remote attackers to execute arbitrary SQL commands. This is possible via the searchquery parameter in a "getsearch" action and the board id parameter in a "viewboard" action, when magic quotes gpc is disabled.

Recommendations For Gravity Board X (GBX) version 2.0 Beta, consider disabling the getsearch and viewboard actions until a patch is available, or enable magic quotes gpc to prevent SQL injection attacks. Avoid using the searchquery and board id parameters in the affected actions until the issue is resolved.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2008-2996

Produtos afetados

Gravity Board X

PT-2008-4429 · Gbx · Gravity Board X

CVE-2008-2996

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6