RSS   Podatności dla 'Celerbb'   RSS

2009-03-09
 
CVE-2009-0853

CWE-287
 
 
login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows remote attackers to bypass authentication and obtain administrative access via special characters in the Username parameter, as demonstrated by an admin'# parameter value.

 
 
CVE-2009-0852

CWE-200
 
 
showme.php in CelerBB 0.0.2 allows remote attackers to obtain "reserved information" via the user parameter.

 
 
CVE-2009-0851

CWE-89
 
 
Multiple SQL injection vulnerabilities in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewforum.php and (2) viewtopic.php.

 

Copyright 2024, cxsecurity.com

 

Back to Top