SQL Injection Vulnerability in miniBB

SQL Injection Vulnerability in miniBB

Vector: Remote
Severity: Medium
Patch: Patched
Impact: Data Manipulation
Software: miniBB 3.x , vulnerable versions: <3.1 released on 2014-11-27

SQL inection vulnerability was reported in miniBB.

Vulnerability is caused by an input validation error while processing the code parameter in bb_func_unsub.php, when “action” is set to “unsubscribe”. A remote attacker can send a specially crafted request to the vulnerable application and execute arbitrary SQL commands in application`s database.

Further exploitation of this vulnerability may result in unauthorized data manipulation.

Solution:
For miniBB 3.x: Update to version 3.1 released on 2014-11-27.
Links:

1 Trackbacks & Pingbacks

  1. Internet Crime Fighters Organization SQL injection vulnerabilities - Internet Crime Fighters Organization

Leave a Reply

Your email address will not be published.


*


error: Content is protected !!