[VIM] WowBB - Partial Rediscovery of view_user.php/sort_by vector

Steven M. Christey coley at mitre.org
Tue Dec 20 18:23:59 EST 2005

Re: MISC:http://pridels.blogspot.com/2005/11/wowbb-165-sql-vuln.html

view_user.php/sort_by vector was previously published in CVE-2004-2181
for an earlier version.

(Note that r0t mentions a previous disclosure)

- Steve

Name: CVE-2004-2181
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2181
Reference: MISC:http://www.maxpatrol.com/advdetails.asp?id=7
Reference: BID:11429
Reference: URL:http://www.securityfocus.com/bid/11429

Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow
remote attackers to execute arbitrary SQL commands via the (1) sort_by
or (2) page parameters to view_user.php, or the (3) forum_id parameter
to view_topic.php.
