Description
Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to the send page, (2) email parameter to the forget page, (3) password parameter to the forum_archive page, (4) section parameter to the management page, (5) section_id parameter to the managementreply page, (6) member_id parameter to the new_password page, or (7) subjectid parameter to the tags page to index.php.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by High-Tech Bridge · textwebappsphp
https://www.exploit-db.com/exploits/37614
References (7)
Core 7
Core References
Exploit x_refsource_misc
https://www.htbridge.com/advisory/HTB23101
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/54916
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/77501
Vendor Advisory, URL Repurposed x_refsource_misc
http://www.pbboard.com/forums/t10353.html
URL Repurposed x_refsource_misc
http://www.pbboard.com/forums/t10352.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/84480
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/50153
Scores
EPSS
0.0035
EPSS Percentile
57.1%
Details
CWE
CWE-89
Status
published
Products (1)
pbboard/pbboard
2.1.4
Published
Aug 12, 2012
Tracked Since
Feb 18, 2026