SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2007-11-15T23:00:00
Updated: 2007-11-28T10:00:00
Reserved: 2007-11-15T00:00:00
Link: CVE-2004-2754
JSON object: View
NVD Information
Status : Analyzed
Published: 2004-12-31T05:00:00.000
Modified: 2008-09-05T20:45:01.497
Link: CVE-2004-2754
JSON object: View
Redhat Information
No data.
CWE