6kbbs v8.0 SQL Injection Security Vulnerabilities

Hacker Research Topics

07_phone_security_g_w

6kbbs v8.0 SQL Injection Security Vulnerabilities

Exploit Title: 6kbbs Multiple SQL Injection Security Vulnerabilities

Vendor: 6kbbs

Product: 6kbbs

Vulnerable Versions: v7.1 v8.0

Tested Version: v7.1 v8.0

Advisory Publication: April 01, 2015

Latest Update: April 01, 2015

Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) [CWE-89]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

Writer and Reporter: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]

Suggestion Details:



(1) Vendor & Product Description:



Vendor:

6kbbs

Product & Vulnerable Versions:

6kbbs

v7.1

v8.0

Vendor URL & download:

6kbbs can be obtained from here,

http://www.6kbbs.com/download.html

http://www.bvbcode.com/code/93n8as2z-down

Product Introduction Overview:

“6kbbs V8.0 is a PHP + MySQL built using high-performance forum, has the code simple, easy to use, powerful, fast and so on. It is an excellent community forum program. The program is simple but…

View original post 詳見內文:約247字

廣告

發表迴響

在下方填入你的資料或按右方圖示以社群網站登入:

WordPress.com Logo

您的留言將使用 WordPress.com 帳號。 登出 / 變更 )

Twitter picture

您的留言將使用 Twitter 帳號。 登出 / 變更 )

Facebook照片

您的留言將使用 Facebook 帳號。 登出 / 變更 )

Google+ photo

您的留言將使用 Google+ 帳號。 登出 / 變更 )

連結到 %s