CVE-2005-2888 - OpenCVE

Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) Preview Release 2 allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter to misc.php or (2) Content-Disposition field in the HTTP header to newreply.php.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Mybulletinboard	Mybulletinboard

Configuration 1 [-]

cpe:2.3:a:mybulletinboard:mybulletinboard:preview_release_2:*:*:*:*:*:*:*

References

Link	Resource
http://marc.info/?l=bugtraq&m=112611068702781&w=2
http://secunia.com/advisories/16738/	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/22192

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-09-14T04:00:00

Updated: 2017-07-10T14:57:01

Reserved: 2005-09-14T00:00:00

Link: CVE-2005-2888

JSON object: View

NVD Information

Status : Modified

Published: 2005-09-14T20:03:00.000

Modified: 2017-07-11T01:33:01.923

Link: CVE-2005-2888

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-09-07T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) Preview Release 2 allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter to misc.php or (2) Content-Disposition field in the HTTP header to newreply.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20050907 SQL Injection[2] In MyBB PR2", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=112611068702781&w=2"}, {"name": "mybb-misc-newreply-sql-injection(22192)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22192"}, {"name": "16738", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/16738/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2888", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) Preview Release 2 allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter to misc.php or (2) Content-Disposition field in the HTTP header to newreply.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20050907 SQL Injection[2] In MyBB PR2", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=112611068702781&w=2"}, {"name": "mybb-misc-newreply-sql-injection(22192)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22192"}, {"name": "16738", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16738/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2888", "datePublished": "2005-09-14T04:00:00", "dateReserved": "2005-09-14T00:00:00", "dateUpdated": "2017-07-10T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}