TinyBB 'Profile' SQL Injection Vulnerability

Published: 2011-01-13 12:28:59
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Detection Type:
Remote Vulnerability

Recommendations:
Vendor patch is available. Please see the reference for more details.

Solution Type:
Vendor Patch

Summary:
TinyBB is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. TinyBB 1.2 is vulnerable. Other versions may also be affected.

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database):

https://nvd.nist.gov/vuln/detail/CVE-2011-0443

SecurityFocus Bugtraq ID:

https://www.securityfocus.com/bid/45737

References:

https://www.securityfocus.com/bid/45737
http://www.tinybb.net/

Severity:
Medium

CVSS Score:
6.8
