Vulnerability Description
bb_func_unsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows remote attackers to conduct SQL injection attacks via the code parameter in an unsubscribe action to index.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Minibb | Minibb | <= 3.1 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/61794
- http://security.szurek.pl/minibb-31-blind-sql-injection.html (Exploit)
- http://www.minibb.com/forums/news-9/blind-sql-injection-fix-6430.html (Vendor Advisory)
FAQ
What is CVE-2014-9254?
CVE-2014-9254 is a vulnerability with a CVSS score of 7.5 (HIGH). bb_func_unsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows remote attackers to conduct SQL injection attacks via the code parameter in an unsubscribe action to ...
How severe is CVE-2014-9254?
CVE-2014-9254 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-9254?
Check the references section above for vendor advisories and patch information. Affected products include: Minibb Minibb.