| VID |
21631 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The WowBB software, according to its version number, has multiple input validation vulnerabilities. WowBB is a Web-based bulletin board system written in PHP that uses a MySQL backend database. WowBB Forum version 1.61 and possibly earlier versions are affected by multiple input validation vulnerabilities, which can be exploited by a remote attacker to conduct cross-site scripting and SQL injection attacks.
1) Certain unspecified input is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site.
2) Certain unspecified input is not properly sanitized before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
* Note: This check relies solely on the version number of the WowBB installation on the remote Web server to assess this vulnerability, so this might be a false positive.
* References: http://secunia.com/advisories/12843/
* Platforms Affected: WowBB Forum version 1.61 and possibly earlier versions; any operating system, any version |
| Recommendation |
No upgrade or patch available as of June 2005.
Upgrade to the latest version of WowBB Forum (greater than 1.61) when a fixed version becomes available from the WowBB Forum Web site at http://www.wowbb.com/ |
| Related URL |
CVE-2004-2180,CVE-2004-2181 (CVE) |
| Related URL |
11429 (SecurityFocus) |
| Related URL |
17728,17729 (ISS) |
|