MidnightBSD

Advisories for usebb

CVE-2005-2439 HIGH

SQL injection vulnerability in UseBB 0.5.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search function.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
usebb usebb 0.1
usebb usebb 0.2.2
usebb usebb 0.3.2
usebb usebb 0.5.1
usebb usebb 0.4.1
usebb usebb 0.2.1
usebb usebb 0.2.3a
usebb usebb 0.2
usebb usebb 0.1.1
usebb usebb 0.5
usebb usebb 0.3.1
usebb usebb 0.2.3
usebb usebb 0.3
usebb usebb 0.4
CVE-2006-2524 MEDIUM

Cross-site scripting (XSS) vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when processing the user date format.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
usebb usebb 1.0_rc1
CVE-2006-2525 MEDIUM

SQL injection vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to execute arbitrary SQL commands via the member list search module.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
usebb usebb 1.0_rc1
CVE-2010-3713 MEDIUM

rss.php in UseBB before 1.0.11 does not properly handle forum configurations in which a user has the view permission but not the read permission, which allows remote attackers to bypass intended access restrictions by reading a forum feed in combination with a topic feed.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
usebb usebb 0.2.2
usebb usebb 1.0.9
usebb usebb 0.5.1
usebb usebb 0.4.1
usebb usebb *
usebb usebb 0.2
usebb usebb 1.0.2
usebb usebb 1.0.3
usebb usebb 0.1.1
usebb usebb 0.5
usebb usebb 0.6
usebb usebb 0.3.1
usebb usebb 1.0.1
usebb usebb 1.0.7
usebb usebb 0.2.3
usebb usebb 0.1
usebb usebb 1.0.5
usebb usebb 0.3.2
usebb usebb 0.7
usebb usebb 0.2.1
usebb usebb 1.0
usebb usebb 1.0.4
usebb usebb 0.3
usebb usebb 0.4
usebb usebb 1.0.6
CVE-2020-8088 HIGH

panel_login.php in UseBB 1.0.12 allows type juggling for login bypass because != is used instead of !== for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
usebb usebb 1.0.12