CVE-2007-1440
JGBBS 3.0 Beta 1 - SQL Injection via Search Author Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2007-1440. PoCs published by WiLdBoY.
AI-analyzed exploit summary This is a functional SQL injection exploit targeting JGBBS 3.0beta1's search.asp page via the 'author' parameter. It demonstrates a UNION-based SQLi attack to leak user credentials (passwords and usernames) from the 'users' table.
Description
SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 allows remote attackers to execute arbitrary SQL commands via the author parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by WiLdBoY · htmlwebappsasp
https://www.exploit-db.com/exploits/3470
This is a functional SQL injection exploit targeting JGBBS 3.0beta1's search.asp page via the 'author' parameter. It demonstrates a UNION-based SQLi attack to leak user credentials (passwords and usernames) from the 'users' table.
Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:
JGBBS 3.0beta1
No auth needed
Prerequisites:
Target must be running JGBBS 3.0beta1 with exposed search.asp · SQL injection vulnerability must be unpatched
devstral-2 · analyzed Feb 18, 2026
Full analysis →
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/462699/100/0/threaded
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/22943
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0940
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/2431
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/3470
Scores
EPSS
0.0104
EPSS Percentile
59.5%
Details
Status
published
Products (1)
jgbbs/jgbbs
3.0 beta_1
Published
Mar 13, 2007
Tracked Since
Feb 18, 2026