Description
SQL injection vulnerability in the CheckEmail function in includes/functions.class.php in PBBoard 3.0.1 before 20141128 allows remote attackers to execute arbitrary SQL commands via the email parameter in the register page to index.php. NOTE: the email parameter in the forget page vector is already covered by CVE-2012-4034.2.
Exploits (1)
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/534149/100/0/threaded
Exploit x_refsource_misc
https://www.youtube.com/watch?v=AQiGvH5xrJg
Various Sources x_refsource_misc
http://www.itas.vn/news/ITAS-Team-discovered-SQL-Injection-in-PBBoard-CMS-68.html
Scores
EPSS
0.0242
EPSS Percentile
85.2%
Details
CWE
CWE-89
Status
published
Products (1)
pbboard/pbboard
< 3.0.1
Published
Dec 05, 2014
Tracked Since
Feb 18, 2026