Back to search
CVE-2008-2067
Published: May 2, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
SQL injection vulnerability in bb_admin.php in miniBB 2.2a allows remote attackers to execute arbitrary SQL commands via the whatus parameter in a searchusers2 action. NOTE: it was later reported that other versions before 3.0.1 are also vulnerable.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.minibb.com/download.php?file=minibb_update
x_refsource_CONFIRM
61116
vdb-entry
x_refsource_BID
minibb-bbadmin-sql-injection(42270)
vdb-entry
x_refsource_XF
30004
third-party-advisory
x_refsource_SECUNIA
20080428 Minibb 2.2a XSS Vulnerability
mailing-list
x_refsource_BUGTRAQ
20130711 XSS and SQL Injection Vulnerabilities in MiniBB
mailing-list
x_refsource_FULLDISC
3846
third-party-advisory
x_refsource_SREASON
95121
vdb-entry
x_refsource_OSVDB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now