CVE-2010-4812

Multiple SQL injection vulnerabilities in 6kbbs 8.0 build 20100901 allow remote attackers to execute arbitrary SQL commands via the (1) tids[] parameter to ajaxadmin.php and the (2) msgids[] parameter to ajaxmember.php.

Published : 2011-07-08 22:55 Updated : 2017-08-29 01:29

6.5
CVSS Score More info
Score 6.5 / 10
6.5
Vendor Product Version URI
6kbbs 6kbbs 8.0 cpe:/a:6kbbs:6kbbs:8.0
  1. 6kbbs (1) Search CVE
    1. 6kbbs (1) Search CVE
      1. 8.0

CWE

ID Name Description Links
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. CVE