Vulnerability Description
benjjvi/PyBB is an open source bulletin board. Prior to commit dcaeccd37198ecd3e41ea766d1099354b60d69c2, benjjvi/PyBB is vulnerable to SQL injection. The vulnerability is fixed as of commit dcaeccd37198ecd3e41ea766d1099354b60d69c2. As a workaround, users may be able to update the software manually so that user queries to `BulletinDatabaseModule.py` are sanitized.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pybb Project | Pybb | < 0.1.0 |
References
- https://github.com/benjjvi/PyBB/commit/dcaeccd37198ecd3e41ea766d1099354b60d69c2 (Patch)
- https://github.com/benjjvi/PyBB/security/advisories/GHSA-5qrx-fgxq-95gg (Mitigation, Patch, Third Party Advisory)
FAQ
What is CVE-2023-34249?
CVE-2023-34249 is a vulnerability with a CVSS score of 9.8 (CRITICAL). benjjvi/PyBB is an open source bulletin board. Prior to commit dcaeccd37198ecd3e41ea766d1099354b60d69c2, benjjvi/PyBB is vulnerable to SQL Injection. This vulnerability has been fixed as of commit dca...
How severe is CVE-2023-34249?
CVE-2023-34249 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-34249?
Check the references section above for vendor advisories and patch information. Affected products include: Pybb Project Pybb.