Vulnerability Description
Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow remote attackers to execute arbitrary SQL commands via the (1) sort_by or (2) page parameters to view_user.php, or the (3) forum_id parameter to view_topic.php. NOTE: the sort_by vector was later reported to be present in WowBB 1.65.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wowbb | Wowbb Web Forum | 1.61 |
References
- http://pridels0.blogspot.com/2005/11/wowbb-165-sql-vuln.html
- http://www.maxpatrol.com/advdetails.asp?id=7Exploit
- http://www.securityfocus.com/bid/11429
- http://pridels0.blogspot.com/2005/11/wowbb-165-sql-vuln.html
- http://www.maxpatrol.com/advdetails.asp?id=7Exploit
- http://www.securityfocus.com/bid/11429
FAQ
What is CVE-2004-2181?
CVE-2004-2181 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow remote attackers to execute arbitrary SQL commands via the (1) sort_by or (2) page parameters to view_user.php, or the (3) forum_id par...
How severe is CVE-2004-2181?
CVE-2004-2181 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2181?
Check the references section above for vendor advisories and patch information. Affected products include: Wowbb Wowbb Web Forum.