CVE-2004-1966

Openbb - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter in board.php, (2) sortorder, perpage, or id parameters in member.php, (3) forums parameter in search.php, or (4) PID or FID parameters in post.php.

Exploits (4)

exploitdb WRITEUP VERIFIED

by JeiAr · textwebappsphp

https://www.exploit-db.com/exploits/24058

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by JeiAr · textwebappsphp

https://www.exploit-db.com/exploits/24059

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by JeiAr · textwebappsphp

https://www.exploit-db.com/exploits/24057

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by JeiAr · textwebappsphp

https://www.exploit-db.com/exploits/24056

View Code ZIP pw:eip

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/15964

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/10214

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=108301983206107&w=2

Exploit third-party-advisory x_refsource_secunia

http://secunia.com/advisories/11481

Exploit vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1009935

Scores

EPSS 0.0073

EPSS Percentile 72.9%

Details

Status published

Products (7)

openbb/openbb 1.0.0_beta1

openbb/openbb 1.0.0_rc1

openbb/openbb 1.0.0_rc2

openbb/openbb 1.0.0_rc3

openbb/openbb 1.0.5

openbb/openbb 1.0.6

openbb/openbb 1.0.8

Published Dec 31, 2004

Tracked Since Feb 18, 2026