CVE-2011-4066

Gnuboard < 4.33.02 - SQL Injection via PATH_INFO

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-4066. PoCs published by flyh4t.

AI-analyzed exploit summary The exploit describes a SQL injection vulnerability in Gnuboard <= 4.33.02 via the PATH_INFO variable in /bbs/tb.php. The vulnerability arises due to improper handling of user-supplied input in the $bo_table variable, allowing arbitrary SQL code execution.

Description

SQL injection vulnerability in bbs/tb.php in Gnuboard 4.33.02 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.

Exploits (1)

exploitdb WRITEUP
by flyh4t · textwebappsphp
https://www.exploit-db.com/exploits/17992

The exploit describes a SQL injection vulnerability in Gnuboard <= 4.33.02 via the PATH_INFO variable in /bbs/tb.php. The vulnerability arises due to improper handling of user-supplied input in the $bo_table variable, allowing arbitrary SQL code execution.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Gnuboard <= 4.33.02
No auth needed
Prerequisites: Access to the target web application · PATH_INFO variable not sanitized
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/50173
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/70686
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1026197
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/17992

Scores

EPSS 0.0167
EPSS Percentile 73.9%

Details

CWE
CWE-89
Status published
Products (13)
sir/gnuboard 3.30
sir/gnuboard 3.31
sir/gnuboard 3.32
sir/gnuboard 3.33
sir/gnuboard 3.34
sir/gnuboard 3.35
sir/gnuboard 3.36
sir/gnuboard 3.37
sir/gnuboard 3.38
sir/gnuboard 3.39
... and 3 more
Published Nov 04, 2011
Tracked Since Feb 18, 2026