Vulnerability Description
Multiple SQL injection vulnerabilities in Joels Bulletin board (JBB) 0.9.9rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) nr parameter in topiczeigen.php, (2) forum and (3) zeigeseite parameters in showforum.php, (4) forum parameter in newtopic.php, and (5) tidnr parameter in neuerbeitrag.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jbb | Jbb | <= 0.9.9_rc3 |
References
- http://pridels0.blogspot.com/2005/11/jbb-sql-inj-vuln.html
- http://secunia.com/advisories/17727Vendor Advisory
- http://www.osvdb.org/21148
- http://www.osvdb.org/21149
- http://www.osvdb.org/21150
- http://www.osvdb.org/21151
- http://www.securityfocus.com/bid/15590
- http://www.vupen.com/english/advisories/2005/2620
- http://pridels0.blogspot.com/2005/11/jbb-sql-inj-vuln.html
- http://secunia.com/advisories/17727Vendor Advisory
- http://www.osvdb.org/21148
- http://www.osvdb.org/21149
- http://www.osvdb.org/21150
- http://www.osvdb.org/21151
- http://www.securityfocus.com/bid/15590
FAQ
What is CVE-2005-3871?
CVE-2005-3871 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in Joels Bulletin board (JBB) 0.9.9rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) nr parameter in topiczeigen.php, (2) foru...
How severe is CVE-2005-3871?
CVE-2005-3871 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3871?
Check the references section above for vendor advisories and patch information. Affected products include: Jbb Jbb.