Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to inject arbitrary SQL and gain privileges via the (1) ppp parameter in viewthread.php, (2) desc parameter in misc.php, (3) tpp parameter in forumdisplay.php, (4) ascdesc parameter in forumdisplay.php, or (5) the addon parameter in stats.php. NOTE: it has also been shown that item (3) is also in XMB 1.9 beta.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2004-03-18T05:00:00
Updated: 2021-04-29T14:37:26
Reserved: 2004-03-17T00:00:00
Link: CVE-2004-0323
JSON object: View
NVD Information
Status : Modified
Published: 2004-12-31T05:00:00.000
Modified: 2021-04-29T15:15:09.367
Link: CVE-2004-0323
JSON object: View
Redhat Information
No data.
CWE