CVE-2012-5874

Name of the Vulnerable Software and Affected Versions Elite Bulletin Board versions prior to 2.1.22

Description The issue concerns SQL injection vulnerabilities in the update whosonline reg and update whosonline guest functions. These vulnerabilities allow remote attackers to execute arbitrary SQL commands via the PATH INFO to various PHP files, including "checkuser.php", "groups.php", "index.php", "login.php", "quicklogin.php", "register.php", "Search.php", "viewboard.php", and "viewtopic.php".

Recommendations For Elite Bulletin Board versions prior to 2.1.22, update to version 2.1.22 or later to resolve the issue. As a temporary workaround, consider restricting access to the update whosonline reg and update whosonline guest functions until a patch is available. Avoid using the vulnerable functions in the affected PHP files until the issue is resolved.