Vulnerability Description
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to calendar.php, (2) idsql parameter to online.php, (3) usersearch parameter to memberlist.php, (4) pid parameter to editpost.php, (5) fid parameter to forumdisplay.php, (6) tid parameter to newreply.php, (7) sid parameter to search.php, (8) tid or (9) pid parameter to showthread.php, (10) tid parameter to usercp2.php, (11) tid parameter to printthread.php, or (12) pid parameter to reputation.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mybulletinboard | Mybulletinboard | <= 1.00_rc4 |
References
- http://marc.info/?l=bugtraq&m=111757191118050&w=2
- http://secunia.com/advisories/15552ExploitPatchVendor Advisory
- http://www.mybboard.com/community/showthread.php?tid=2559ExploitPatchVendor Advisory
- http://www.osvdb.org/17024
- http://marc.info/?l=bugtraq&m=111757191118050&w=2
- http://secunia.com/advisories/15552ExploitPatchVendor Advisory
- http://www.mybboard.com/community/showthread.php?tid=2559ExploitPatchVendor Advisory
- http://www.osvdb.org/17024
FAQ
What is CVE-2005-1833?
CVE-2005-1833 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to calendar.php, (2) idsql parameter to onl...
How severe is CVE-2005-1833?
CVE-2005-1833 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1833?
Check the references section above for vendor advisories and patch information. Affected products include: Mybulletinboard Mybulletinboard.