CVE-2004-0343: SQL Injection
First published: Thu Mar 18 2004(Updated: )
Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b allow remote attackers to execute arbitrary SQL via (1) the msg parameter in ModifyMessage.php or (2) the postid parameter in ModifyMessage.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Yabb | =1.5.5 | |
| Yabb | =1.5.5b | |
| Yabb | =1.5.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2004-0343?
CVE-2004-0343 is classified as a high severity vulnerability due to the potential for remote SQL injection attacks.
How do I fix CVE-2004-0343?
To fix CVE-2004-0343, upgrade YaBB SE to version 1.5.6 or a later version that addresses these SQL injection vulnerabilities.
What software is affected by CVE-2004-0343?
The affected software includes YaBB SE versions 1.5.4, 1.5.5, and 1.5.5b.
What types of attacks can be executed through CVE-2004-0343?
Through CVE-2004-0343, attackers can execute arbitrary SQL commands that may compromise the database.
Are there any known exploits for CVE-2004-0343?
Yes, there are known exploits that take advantage of the SQL injection vulnerabilities present in CVE-2004-0343.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/remedy
- agent/author
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/yabb
- canonical/yabb yabb
- version/yabb yabb/1.5.5
- version/yabb yabb/1.5.5b
- version/yabb yabb/1.5.4