CVE-2014-9254 – MiniBB 3.1 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2014-9254
bb_func_unsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows remote attackers to conduct SQL injection attacks via the code parameter in an unsubscribe action to index.php. miniBB version 3.1 suffers from a remote blind SQL injection vulnerability.
• https://www.exploit-db.com/exploits/35579 http://secunia.com/advisories/61794 http://security.szurek.pl/minibb-31-blind-sql-injection.html http://www.minibb.com/forums/news-9/blind-sql-injection-fix-6430.html
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2013-5020 – WordPress Plugin miniBB - SQL Injection / Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-5020
Multiple cross-site scripting (XSS) vulnerabilities in bb_admin.php in MiniBB before 3.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_name, (2) forum_group, (3) forum_icon, or (4) forum_desc parameter. NOTE: the whatus vector is already covered by CVE-2008-2066.
• https://www.exploit-db.com/exploits/38639 http://osvdb.org/95122 http://seclists.org/fulldisclosure/2013/Jul/102 http://www.minibb.com/download.php?file=minibb_update http://www.minibb.com/forums/news-9/minibb-3.0.1-released-stable-fixed-secured-dedicated-6059.html http://www.securityfocus.com/bid/61116 https://www.mavitunasecurity.com/xss-and-sql-injection-vulnerabilities-in-minibb
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-2066
https://notcve.org/view.php?id=CVE-2008-2066
Cross-site scripting (XSS) vulnerability in bb_admin.php in miniBB 2.2a allows remote attackers to inject arbitrary web script or HTML via the whatus parameter in a searchusers2 action. NOTE: it was later reported that other versions before 3.0.1 are also vulnerable.
• http://osvdb.org/95122 http://seclists.org/fulldisclosure/2013/Jul/102 http://secunia.com/advisories/30004 http://securityreason.com/securityalert/3846 http://www.minibb.com/download.php?file=minibb_update http://www.minibb.com/forums/news-9/minibb-3.0.1-released-stable-fixed-secured-dedicated-6059.html http://www.securityfocus.com/archive/1/491375/100/0/threaded http://www.securityfocus.com/bid/28957 http://www.securityfocus.com/bid/61116 https://exchange.xforce.ibmcloud.com&
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-2067
https://notcve.org/view.php?id=CVE-2008-2067
SQL injection vulnerability in bb_admin.php in miniBB 2.2a allows remote attackers to execute arbitrary SQL commands via the whatus parameter in a searchusers2 action. NOTE: it was later reported that other versions before 3.0.1 are also vulnerable.
• http://osvdb.org/95121 http://seclists.org/fulldisclosure/2013/Jul/102 http://secunia.com/advisories/30004 http://securityreason.com/securityalert/3846 http://www.minibb.com/download.php?file=minibb_update http://www.minibb.com/forums/news-9/minibb-3.0.1-released-stable-fixed-secured-dedicated-6059.html http://www.securityfocus.com/archive/1/491375/100/0/threaded http://www.securityfocus.com/bid/61116 https://exchange.xforce.ibmcloud.com/vulnerabilities/42270 https://www.mavitunas
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-2029 – MiniBB 2.2 - Cross-Site Scripting / SQL Injection / Full Path Disclosure
https://notcve.org/view.php?id=CVE-2008-2029
Multiple SQL injection vulnerabilities in (1) setup_mysql.php and (2) setup_options.php in miniBB 2.2 and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary SQL commands via the xtr parameter in a userinfo action to index.php.
• https://www.exploit-db.com/exploits/5494 http://secunia.com/advisories/29997 http://www.minibb.net/forums/9_5110_0.html http://www.securityfocus.com/bid/28930 https://exchange.xforce.ibmcloud.com/vulnerabilities/42014
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')