SQL Injection Vulnerability in miniBB
SQL Injection Vulnerability in miniBB
Vector: | Remote |
Severity: | Medium |
Patch: | Patched |
Impact: | Data Manipulation |
Software: | miniBB 3.x , vulnerable versions: <3.1 released on 2014-11-27 |
SQL inection vulnerability was reported in miniBB.
Vulnerability is caused by an input validation error while processing the code parameter in bb_func_unsub.php, when “action” is set to “unsubscribe”. A remote attacker can send a specially crafted request to the vulnerable application and execute arbitrary SQL commands in application`s database.
Further exploitation of this vulnerability may result in unauthorized data manipulation.
Solution:
For miniBB 3.x: Update to version 3.1 released on 2014-11-27.
Links:
Trackbacks & Pingbacks
[…] SQL Injection Vulnerability in miniBB […]
Leave a Reply
Want to join the discussion?Feel free to contribute!