Description
Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in GNUboard 5.x and possibly earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) subject or (2) content parameter.
Exploits (1)
exploitdb · WRITEUP · VERIFIED
by Claepo Wang · text · webapps · php
https://www.exploit-db.com/exploits/39116
References (3)
Core References
Exploit [vdb-entry, x_refsource_bid]: http://www.securityfocus.com/bid/66228
Mailing List [mailing-list, x_refsource_fulldisc]: http://seclists.org/fulldisclosure/2014/Mar/299
Third Party Advisory, VDB Entry [vdb-entry, x_refsource_xf]: https://exchange.xforce.ibmcloud.com/vulnerabilities/91814
Scores
EPSS: 0.0032
EPSS Percentile: 55.3%
Details
CWE: CWE-89
Status: published
Products (6)
sir/gnuboard 4.31.3
sir/gnuboard 4.31.4
sir/gnuboard 4.33.2
sir/gnuboard 4.34.20
sir/gnuboard 4.34.21
sir/gnuboard < 5.0
Published: Mar 19, 2014
Tracked Since: Feb 18, 2026