Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-1947. PoCs published by girex.
AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in Unclassified NewsBoard 1.6.4, including SQL injection, log file disclosure, and local file inclusion leading to remote command execution. The PoC provides detailed technical analysis and proof-of-concept payloads for each vulnerability.
Description
SQL injection vulnerability in the UnbDbEncode function in unb_lib/database.lib.php in Unclassified NewsBoard (UNB) 1.6.4 allows remote attackers to execute arbitrary SQL commands via the Query parameter in a search action to forum.php, a different vector than CVE-2005-3686.
Exploits (1)
This exploit demonstrates multiple vulnerabilities in Unclassified NewsBoard 1.6.4, including SQL injection, log file disclosure, and local file inclusion leading to remote command execution. The PoC provides detailed technical analysis and proof-of-concept payloads for each vulnerability.