RSS   Vulnerabilities for 'Celerbb'   RSS

2009-03-09
 
CVE-2009-0853

CWE-287
 

 
login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows remote attackers to bypass authentication and obtain administrative access via special characters in the Username parameter, as demonstrated by an admin'# parameter value.

 
 
CVE-2009-0852

CWE-200
 

 
showme.php in CelerBB 0.0.2 allows remote attackers to obtain "reserved information" via the user parameter.

 
 
CVE-2009-0851

CWE-89
 

 
Multiple SQL injection vulnerabilities in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewforum.php and (2) viewtopic.php.

 


Copyright 2024, cxsecurity.com

 

Back to Top