Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in (1) setup_mysql.php and (2) setup_options.php in miniBB 2.2 and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary SQL commands via the xtr parameter in a userinfo action to index.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MiniBB多个SQL注入和跨站脚本漏洞
Vulnerability Description
MiniBB(全称Minimalistic Bulletin Board)是一套免费、开源的互联网论坛软件。该软件支持多种论坛样式、多界面语言、多时区、插件扩展等。 MiniBB的实现上存在多个SQL注入漏洞,远程攻击者可能利用此漏洞对服务程序执行SQL注入攻击。 如果将action设置为registernew的话,MiniBB的index.php文件中没有正确地验证对lang参数的输入便返回给了用户,这可能允许攻击者在用户浏览器会话中执行任意HTML和脚本代码。 如果将action设置为userinfo
CVSS Information
N/A
Vulnerability Type
N/A