| VID |
21632 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The WowBB software is vulnerable to an SQL injection vulnerability in the "view_user.php" script. WowBB is a Web based bulletin board system written in PHP that uses a MySQL backend database. WowBB Forum version 1.62 and possibly earlier versions could allow a remote attacker to execute arbitrary SQL commands, caused by improper filtering of user-supplied input passed to the "sort_by" parameter of the "view_user.php" script. This vulnerability could permit a remote attacker to pass malicious input to database queries, potentially resulting in data exposure, modification of the query logic, or even data modification or attacks against the database itself.
* References:
http://secunia.com/advisories/12843/
* Platforms Affected:
WowBB Forum version 1.62 and possibly earlier versions
Any operating system Any version |
| Recommendation |
No upgrade or patch available as of June 2005.
Upgrade to the latest version of WowBB Forum (greater than 1.62), when new fixed version becomes available from the WowBB Forum Web site at http://www.wowbb.com/ |
| Related URL |
CVE-2005-1554 (CVE) |
| Related URL |
13569 (SecurityFocus) |
| Related URL |
20565 (ISS) |
|
