CVE-2011-0443

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions tinyBB version 1.2

Description The issue allows remote attackers to execute arbitrary SQL commands when magic quotes gpc is disabled. This can be achieved via the id parameter in a profile action to "index.php".

Recommendations For tinyBB version 1.2, consider disabling the profile action to index.php or restricting access to the id parameter until a patch is available. Additionally, enabling magic quotes gpc can help mitigate the risk of exploitation.

Exploit

Fix

RCE

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2011-0443

Affected Products

Tinybb

CVE-2011-0443

Weakness Enumeration

Related Identifiers

Affected Products

References · 10