SQL Injection Vulnerability in miniBB

/1 Comment/in /by

SQL Injection Vulnerability in miniBB

Vector: Remote
Severity: Medium
Patch: Patched
Impact: Data Manipulation
Software: miniBB 3.x , vulnerable versions: <3.1 released on 2014-11-27

SQL inection vulnerability was reported in miniBB.

Vulnerability is caused by an input validation error while processing the code parameter in bb_func_unsub.php, when “action” is set to “unsubscribe”. A remote attacker can send a specially crafted request to the vulnerable application and execute arbitrary SQL commands in application`s database.

Further exploitation of this vulnerability may result in unauthorized data manipulation.

Solution:
For miniBB 3.x: Update to version 3.1 released on 2014-11-27.
Links:

You might also like
Win Bitcoins, booze and cash! Be the first to crack the iPhone’s Touch ID fingerprint sensor…
Not good enough, Oracle – promises to secure Java are too little, too late
SQL Injection Vulnerability in WordPress Cart66 Lite Plugin
Microsoft announces five Bulletins for Patch Tuesday, including Office for Mac
Websites Harbor Fewer Flaws, But Most Have At Least One Serious Vulnerability
Blackberry releases first security fixes for new Z10 smartphone
1 reply

Trackbacks & Pingbacks

  1. Internet Crime Fighters Organization SQL injection vulnerabilities - Internet Crime Fighters Organization says:
    2015-01-22 at 8:09 PM

    […] SQL Injection Vulnerability in miniBB […]

    Reply

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.