PT-2011-2346 · Tinybb · Tinybb
Aodrulez
·
Publicado
2011-01-12
·
Atualizado
2024-02-14
·
CVE-2011-0443
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
tinyBB version 1.2
Description
The issue allows remote attackers to execute arbitrary SQL commands when magic quotes gpc is disabled. This can be achieved via the
id parameter in a profile action to "index.php".Recommendations
For tinyBB version 1.2, consider disabling the profile action to index.php or restricting access to the
id parameter until a patch is available. Additionally, enabling magic quotes gpc can help mitigate the risk of exploitation.Exploit
Correção
RCE
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Tinybb