SQL Injection Vulnerability in miniBB
|Software:||miniBB 3.x , vulnerable versions: <3.1 released on 2014-11-27|
SQL inection vulnerability was reported in miniBB.
Vulnerability is caused by an input validation error while processing the code parameter in bb_func_unsub.php, when “action” is set to “unsubscribe”. A remote attacker can send a specially crafted request to the vulnerable application and execute arbitrary SQL commands in application`s database.
Further exploitation of this vulnerability may result in unauthorized data manipulation.
For miniBB 3.x: Update to version 3.1 released on 2014-11-27.