Vulnerability Description
Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to inject arbitrary SQL and gain privileges via the (1) ppp parameter in viewthread.php, (2) desc parameter in misc.php, (3) tpp parameter in forumdisplay.php, (4) ascdesc parameter in forumdisplay.php, or (5) the addon parameter in stats.php. NOTE: it has also been shown that item (3) is also in XMB 1.9 beta.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xmb Forum | Xmb | 1.8 |
References
- http://archives.neohapsis.com/archives/bugtraq/2004-02/0645.html
- http://archives.neohapsis.com/archives/bugtraq/2004-03/0265.html
- http://marc.info/?l=bugtraq&m=107756526625179&w=2
- http://www.securityfocus.com/bid/9726ExploitPatch
- http://www.xmbforum.com/community/boards/viewthread.php?tid=746859
- https://docs.xmbforum2.com/index.php?title=Security_Issue_History
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15295
- http://archives.neohapsis.com/archives/bugtraq/2004-02/0645.html
- http://archives.neohapsis.com/archives/bugtraq/2004-03/0265.html
- http://marc.info/?l=bugtraq&m=107756526625179&w=2
- http://www.securityfocus.com/bid/9726ExploitPatch
- http://www.xmbforum.com/community/boards/viewthread.php?tid=746859
- https://docs.xmbforum2.com/index.php?title=Security_Issue_History
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15295
FAQ
What is CVE-2004-0323?
CVE-2004-0323 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to inject arbitrary SQL and gain privileges via the (1) ppp parameter in viewthread.php, (2) desc parameter in misc.p...
How severe is CVE-2004-0323?
CVE-2004-0323 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0323?
Check the references section above for vendor advisories and patch information. Affected products include: Xmb Forum Xmb.