Exploit Title: Softbb.net SoftBB /redir_last_post_list.php post Parameter SQL Injection
Product: SoftBB (mods)
Vendor: Softbb.net
Vulnerable Versions: v0.1.3
Tested Version: v0.1.3
Advisory Publication: Jan 10, 2015
Latest Update: Jan 10, 2015
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)
CVE Reference: CVE-2014-9560
CVSS Severity (version 2.0):
CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore: 6.4
Exploitability Subscore: 10.0
Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]
http://www.inzeed.com/kaleidoscope/sql-injection-vulnerability/cve-2014-9560-softbb-net-softbb-sql-injection-security-vulnerability/
No comments:
Post a Comment