Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2005-1833 | First vendor Publication | 2005-05-31 |
| Vendor | Cve | Last vendor Modification | 2016-10-18 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to calendar.php, (2) idsql parameter to online.php, (3) usersearch parameter to memberlist.php, (4) pid parameter to editpost.php, (5) fid parameter to forumdisplay.php, (6) tid parameter to newreply.php, (7) sid parameter to search.php, (8) tid or (9) pid parameter to showthread.php, (10) tid parameter to usercp2.php, (11) tid parameter to printthread.php, or (12) pid parameter to reputation.php. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1833 |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 17023 | MyBulletinBoard (MyBB) printthread.php tid Parameter SQL Injection MyBulletinBoard (MyBB) contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'tid' variable in the printthread.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. |
| 17022 | MyBulletinBoard (MyBB) usercp2.php tid Parameter SQL Injection MyBulletinBoard (MyBB) contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'tid' variable in the usercp2.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. |
| 17021 | MyBulletinBoard (MyBB) showthread.php Multiple Parameter SQL Injection MyBulletinBoard (MyBB) contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'tid' and 'pid' variables in the showthread.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. |
| 17020 | MyBulletinBoard (MyBB) search.php sid Parameter SQL Injection MyBulletinBoard (MyBB) contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'sid' variable in the search.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. |
| 17019 | MyBulletinBoard (MyBB) newreply.php tid Parameter SQL Injection MyBulletinBoard (MyBB) contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'tid' variable in the newreply.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. |
| 17018 | MyBulletinBoard (MyBB) forumdisplay.php fid Parameter SQL Injection MyBulletinBoard (MyBB) contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'fid' variable in the forumdisplay.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. |
| 17017 | MyBulletinBoard (MyBB) editpost.php pid Parameter SQL Injection MyBulletinBoard (MyBB) contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'pid' variable in the editpost.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. |
| 17016 | MyBulletinBoard (MyBB) memberlist.php usersearch Parameter SQL Injection MyBulletinBoard (MyBB) contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'usersearch' variable in the memberlist.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. |
| 17015 | MyBulletinBoard (MyBB) online.php pidsql Parameter SQL Injection MyBulletinBoard (MyBB) contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'pidsql' variable in the online.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. |
| 17014 | MyBulletinBoard (MyBB) calendar.php eid Parameter SQL Injection MyBulletinBoard (MyBB) contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'eid' variable in the calendar.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. |
Sources (Detail)
| Source | Url |
|---|---|
| BUGTRAQ | http://marc.info/?l=bugtraq&m=111757191118050&w=2 |
| CONFIRM | http://www.mybboard.com/community/showthread.php?tid=2559 |
| OSVDB | http://www.osvdb.org/17024 |
| SECUNIA | http://secunia.com/advisories/15552 |
Alert History
| Date | Informations |
|---|---|
| 2021-05-05 01:01:52 |
|
| 2021-05-04 12:03:00 |
|
| 2021-04-22 01:03:15 |
|
| 2020-05-23 01:36:43 |
|
| 2020-05-23 00:16:37 |
|
| 2016-10-18 12:01:42 |
|
| 2016-06-28 15:19:03 |
|
| 2016-04-26 13:35:08 |
|
| 2013-07-16 21:18:44 |
|
| 2013-05-11 11:26:53 |
|
