[VIM] Minor nit - Unclassified NewsBoard SQL injection

Steven M. Christey coley at mitre.org
Fri Nov 25 16:46:32 EST 2005

VDBs are describing the Unclassified NewsBoard SQL injection issue
from a few days ago by saying that the DateFrom parameter is
affected.  They seem to have missed DateUntil:

1) In the title of rgod's advisory :) it says:

     Unclassified NewsBoard 1.5.3 patch level 3 "DateFrom" &
     "DateUntil" blind SQL injection

2) Then:

     vulnerable code near lines 393-454 in search.inc.php: "DateFrom"
     and "DateUntil" arguments are not properly sanitized before to be
     passed to a query

3) Then:


The bulk of the advisory concentrates on "DateFrom", so that must be
what happened.  Not that people would just derive their descriptions
from someone else's analysis... oh no, that NEVER happens ;-)

- Steve

Name: CVE-2005-3686
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3686
Reference: MISC:http://rgod.altervista.org/unb153pl3_xpl.html
Reference: MISC:http://packetstormsecurity.org/0511-exploits/unb153pl3_xpl.html
Reference: BID:15466
Reference: URL:http://www.securityfocus.com/bid/15466
Reference: FRSIRT:ADV-2005-2487
Reference: URL:http://www.frsirt.com/english/advisories/2005/2487
Reference: OSVDB:20951
Reference: URL:http://www.osvdb.org/20951
Reference: SECUNIA:17614
Reference: URL:http://secunia.com/advisories/17614

SQL injection vulnerability in search.inc.php in Unclassified
NewsBoard before 1.5.3 Patch 4 allows remote attackers to execute
arbitrary SQL commands via the (1) DateFrom or (2) DateUntil parameter
to forum.php.

More information about the VIM mailing list