Description
Multiple SQL injection vulnerabilities in SonicBB 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) part and (2) by parameters to (a) search.php, or the (3) id parameter to (b) viewforum.php.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Jesper Jurcenoks · text · webapps · php
https://www.exploit-db.com/exploits/30035
References (8)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34258
Mailing List mailing-list
x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=117914598917534&w=2
Exploit, Vendor Advisory x_refsource_misc
http://www.netvigilance.com/advisory0019
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1816
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/468536/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25279
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/23964
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/33907
Scores
EPSS
0.0138
EPSS Percentile
80.4%
Details
Status
published
Products (1)
sonicbb/sonicbb
1.0
Published
May 14, 2007
Tracked Since
Feb 18, 2026