Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in the (1) update_whosonline_reg and (2) update_whosonline_guest functions in Elite Bulletin Board before 2.1.22 allow remote attackers to execute arbitrary SQL commands via the PATH_INFO to (a) checkuser.php, (b) groups.php, (c) index.php, (d) login.php, (e) quicklogin.php, (f) register.php, (g) Search.php, (h) viewboard.php, or (i) viewtopic.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Elite Bulletin Board 多个SQL输入漏洞
Vulnerability Description
Elite Bulletin Board是一款基于PHP的论坛程序。 Elite Bulletin Board中存在多个SQL注入漏洞,这些漏洞源于在includes/user_function.php脚本中的update_whosonline_reg()’和‘update_whosonline_guest()’函数中,对多个脚本附加到URL后的输入使用SQL查询之前没有正确的验证。通过注入任意SQL代码,攻击者利用该漏洞控制SQL查询。2.1.21版本中存在漏洞,早期版本也可能受到影响。
CVSS Information
N/A
Vulnerability Type
N/A