PT-2014-8881 · Pbboard · Pbboard

Publicado

2014-12-05

Atualizado

2018-10-09

CVE-2014-9215

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PBBoard version 3.0.1 before 20141128

Description A SQL injection issue exists in the CheckEmail function, allowing remote attackers to execute arbitrary SQL commands via the email parameter in the register page to "index.php".

Recommendations For PBBoard version 3.0.1 before 20141128, consider updating to a version released after 20141128 to resolve the issue. As a temporary workaround, restrict access to the register page or avoid using the email parameter in the "index.php" endpoint until the issue is resolved.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2014-9215

Produtos afetados

Pbboard

PT-2014-8881 · Pbboard · Pbboard

CVE-2014-9215

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5