Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to inject arbitrary SQL and gain privileges via the (1) ppp parameter in viewthread.php, (2) desc parameter in misc.php, (3) tpp parameter in forumdisplay.php, (4) ascdesc parameter in forumdisplay.php, or (5) the addon parameter in stats.php. NOTE: it has also been shown that item (3) is also in XMB 1.9 beta.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
XMB 安全漏洞
Vulnerability Description
XMB 1.8 Final SP2版本存在安全漏洞。远程攻击者可以借助(1)viewthread.php的ppp参数,(2)misc.php的desc参数,(3)forumdisplay.php的tpp参数,(4)forumdisplay.php的ascdesc参数,或(5)stats.php的addon参数注入任意SQL以及提升特权。
CVSS Information
N/A
Vulnerability Type
N/A