1 results (0.001 seconds)
CVSS: 9.8EPSS: 1%CPEs: 9EXPL: 2
CVSS: 9.8EPSS: 1%CPEs: 9EXPL: 2CVE-2004-2754 – YABB SE 1.x - 'SSI.php' ID_MEMBER SQL Injection
https://notcve.org/view.php?id=CVE-2004-2754
31 Dec 2004 — SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions. • https://www.exploit-db.com/exploits/23554 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •