CVE-2014-9254

Name of the Vulnerable Software and Affected Versions MiniBB versions 3.1 before 20141127

Description The issue allows remote attackers to conduct SQL injection attacks. This is due to an incorrect regular expression used in the bb func unsub.php file. The vulnerability can be exploited via the code parameter in an unsubscribe action to "index.php".

Recommendations For MiniBB version 3.1 before 20141127, update to a version released after 20141127 to resolve the issue. As a temporary workaround, consider restricting access to the "index.php" endpoint for unsubscribe actions until a patch is available. Avoid using the code parameter in the unsubscribe action to minimize the risk of exploitation.