CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerabilities

CVE-2014-9560  Softbb.net SoftBB SQL Injection Security Vulnerabilities

 

Exploit Title: Softbb.net SoftBB /redir_last_post_list.php post Parameter SQL Injection
Product: SoftBB (mods)
Vendor: Softbb.net
Vulnerable Versions: v0.1.3
Tested Version: v0.1.3
Advisory Publication: Jan 10, 2015
Latest Update: Jan 10, 2015
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) (CWE-89)
CVE Reference: CVE-2014-9560
CVSS Severity (version 2.0):
CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore: 6.4
Exploitability Subscore: 10.0
Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

 

Advisory Details:
Vendor URL:
(2) Vulnerability Details:
Softbb.net SoftBB can be exploited by SQL Injection attacks.
(2.1) The vulnerability occurs at “/redir_last_post_list.php” page, with “&post” parameter.

 

References:
Advertisements

6 thoughts on “CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerabilities

  1. Pingback: CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerabilities | IT Computer & Web Information Technology

  2. Pingback: CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerabilities | Computer Technology Hut

  3. Pingback: CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerability | Blog Related to IT, Science, Math, etc

  4. Pingback: CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerabilities | Hacker Research Topics

  5. Pingback: CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerabilities | INZEED Business Information & Counsel

  6. Pingback: CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerabilities | 比翼鳥資訊 – 在天願作比翼鳥 在地願為連理枝

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s