CVE-2011-4066

Published Nov 4, 2011

Last updated 7 years ago

Overview

Description: SQL injection vulnerability in bbs/tb.php in Gnuboard 4.33.02 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-89

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sir:gnuboard:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E3898D9-2F65-4132-8B28-4ECCECB4F5F1",
            "versionEndIncluding": "4.33.02"
          },
          {
            "criteria": "cpe:2.3:a:sir:gnuboard:3.30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08E70D59-49EB-4A2B-80CA-0BD651050DDE"
          },
          {
            "criteria": "cpe:2.3:a:sir:gnuboard:3.31:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCBA9CFF-F981-4603-9899-AF33D9A06E9C"
          },
          {
            "criteria": "cpe:2.3:a:sir:gnuboard:3.32:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F384348F-4D25-4554-96FD-DAD9F114D6F7"
          },
          {
            "criteria": "cpe:2.3:a:sir:gnuboard:3.33:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E64226B8-DC52-495E-BBB7-D87E957959CC"
          },
          {
            "criteria": "cpe:2.3:a:sir:gnuboard:3.34:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBA8ABCF-ECEE-4D8E-8C21-D3E3FBA3A8AF"
          },
          {
            "criteria": "cpe:2.3:a:sir:gnuboard:3.35:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FE17003-86D7-4DBF-8505-DA1C0A577379"
          },
          {
            "criteria": "cpe:2.3:a:sir:gnuboard:3.36:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "008FCD6F-3031-4FB7-AE33-EF570143C52F"
          },
          {
            "criteria": "cpe:2.3:a:sir:gnuboard:3.37:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "458802ED-A3D7-433C-AE78-135384BEC79E"
          },
          {
            "criteria": "cpe:2.3:a:sir:gnuboard:3.38:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD69FD0C-DCED-4CF7-8D60-5E74BA019C84"
          },
          {
            "criteria": "cpe:2.3:a:sir:gnuboard:3.39:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83D1664D-CE27-4AFA-8A91-13F7519ABDCF"
          },
          {
            "criteria": "cpe:2.3:a:sir:gnuboard:3.40:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E54CBFB-282D-4036-9D6E-C1EC216517E3"
          },
          {
            "criteria": "cpe:2.3:a:sir:gnuboard:4.31.03:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35CB85DC-978C-430A-8BD7-4E770E177853"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References