CVE-2012-4034

PBBoard 2.1.4 - SQL Injection via Multiple Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-4034. PoCs published by High-Tech Bridge.

AI-analyzed exploit summary This exploit demonstrates multiple SQL injection vulnerabilities in PBBoard 2.1.4, allowing unauthorized database access and potential arbitrary file upload. The PoC includes crafted HTTP forms targeting various endpoints with SQLi payloads.

Description

Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to the send page, (2) email parameter to the forget page, (3) password parameter to the forum_archive page, (4) section parameter to the management page, (5) section_id parameter to the managementreply page, (6) member_id parameter to the new_password page, or (7) subjectid parameter to the tags page to index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by High-Tech Bridge · textwebappsphp

https://www.exploit-db.com/exploits/37614

View Code ZIP pw:eip

This exploit demonstrates multiple SQL injection vulnerabilities in PBBoard 2.1.4, allowing unauthorized database access and potential arbitrary file upload. The PoC includes crafted HTTP forms targeting various endpoints with SQLi payloads.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: PBBoard 2.1.4

No auth needed

Prerequisites: Access to the target application

MITRE ATT&CK