| VID | 21416 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | BroadBoard has a SQL injection vulnerability in its 'profile.asp' script. BroadBoard Instant Active Server Pages (ASP) Message Board is an instant message board system that allows an administrator to manage message boards and users. Some versions of BroadBoard are vulnerable to SQL injection because the application fails to properly sanitize user-supplied URI data before including it in an SQL query. By sending a specially crafted request to the 'profile.asp' script with embedded SQL commands in the 'handle' parameter, a remote attacker could obtain sensitive information and add, modify or delete data in the backend database.
* References: http://www.osvdb.org/displayvuln.php?osvdb_id=10337, http://securitytracker.com/alerts/2004/Sep/1011419.html
* Platforms Affected: BroadBoard (any version); any operating system (any version) |
| Recommendation | No upgrade or patch available as of June 2014. Upgrade to a new version of BroadBoard that fixes this problem when one becomes available from the BroadBoard web site at http://www.broadboard.com/ |
| Related URL | CVE-2004-1555 (CVE) |
| Related URL | 11250 (SecurityFocus) |
| Related URL | 17500 (ISS) |