CyberSec.Space Logo
CVEブラウザに戻る

CVE-2004-0343

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1950%
EPSS Percentile34.09th
Published2004年11月23日
Last Modified2026年4月16日

Vulnerability Description

Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b allow remote attackers to execute arbitrary SQL via (1) the msg parameter in ModifyMessage.php or (2) the postid parameter in ModifyMessage.php.

Affected Platforms (CPE)

📦
Yabb

Yabb

= 1.5.4
📦
Yabb

Yabb

= 1.5.5
📦
Yabb

Yabb

= 1.5.5b

References & Advisories

🔗 http://marc.info/?l=bugtraq&m=107816202813083&w=2
🔗 http://www.securityfocus.com/bid/9774
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/15354
🔗 http://marc.info/?l=bugtraq&m=107816202813083&w=2
🔗 http://www.securityfocus.com/bid/9774
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/15354

関連する脆弱性情報

CVE-2004-240310.0

Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as...

CVE-2007-320810.0

CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 allows remote attackers to obtain administrative access via ...

CVE-2013-20579.8

YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability

CVE-2002-01177.5

Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute...