MidnightBSD

Advisories for elite-board

CVE-2012-5874 HIGH

Multiple SQL injection vulnerabilities in the (1) update_whosonline_reg and (2) update_whosonline_guest functions in Elite Bulletin Board before 2.1.22 allow remote attackers to execute arbitrary SQL commands via the PATH_INFO to (a) checkuser.php, (b) groups.php, (c) index.php, (d) login.php, (e) quicklogin.php, (f) register.php, (g) Search.php, (h) viewboard.php, or (i) viewtopic.php.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
elite-board elite_bulletin_board 2.0.3
elite-board elite_bulletin_board 2.1.5
elite-board elite_bulletin_board 2.0.1
elite-board elite_bulletin_board 2.1.6
elite-board elite_bulletin_board 2.1.2
elite-board elite_bulletin_board 2.1.14
elite-board elite_bulletin_board 2.1.0
elite-board elite_bulletin_board 2.1.19
elite-board elite_bulletin_board 2.1.11
elite-board elite_bulletin_board 2.1.13
elite-board elite_bulletin_board 2.1.18
elite-board elite_bulletin_board 2.1.12
elite-board elite_bulletin_board 2.1.15
elite-board elite_bulletin_board 2.1.20
elite-board elite_bulletin_board *
elite-board elite_bulletin_board 2.1.3
elite-board elite_bulletin_board 2.1.1
elite-board elite_bulletin_board 2.0.0
elite-board elite_bulletin_board 2.1.16
elite-board elite_bulletin_board 2.0.2
elite-board elite_bulletin_board 2.1.4
elite-board elite_bulletin_board 2.1.8
elite-board elite_bulletin_board 2.1.7
elite-board elite_bulletin_board 2.1.9
elite-board elite_bulletin_board 2.1.10
elite-board elite_bulletin_board 2.1.17