SQL Injection Vulnerability in miniBB

SQL Injection Vulnerability in miniBB

Vector: Remote
Severity: Medium
Patch: Patched
Impact: Data Manipulation
Software: miniBB 3.x , vulnerable versions: <3.1 released on 2014-11-27

SQL inection vulnerability was reported in miniBB.

Vulnerability is caused by an input validation error while processing the code parameter in bb_func_unsub.php, when “action” is set to “unsubscribe”. A remote attacker can send a specially crafted request to the vulnerable application and execute arbitrary SQL commands in application`s database.

Further exploitation of this vulnerability may result in unauthorized data manipulation.

For miniBB 3.x: Update to version 3.1 released on 2014-11-27.

1 reply

Trackbacks & Pingbacks

  1. Internet Crime Fighters Organization SQL injection vulnerabilities - Internet Crime Fighters Organization says:

    […] SQL Injection Vulnerability in miniBB […]

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.