CVE-2005-2580: SQL Injection
First published: Tue Aug 16 2005(Updated: )
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 with Security Patch allow remote attackers to execute arbitrary SQL commands via the Username field in (1) index.php or (2) member.php, action parameter to (3) search.php or (4) member.php, or (5) polloptions parameter to polls.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mybulletinboard | =1.00_rc4_security_patch |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2005-2580?
CVE-2005-2580 is classified as a high severity vulnerability due to its potential for remote SQL injection attacks.
How do I fix CVE-2005-2580?
To fix CVE-2005-2580, you should upgrade MyBulletinBoard to the latest version that patches this vulnerability.
What types of attacks can be executed using CVE-2005-2580?
CVE-2005-2580 allows attackers to execute arbitrary SQL commands which can compromise the database.
Which versions of MyBulletinBoard are affected by CVE-2005-2580?
CVE-2005-2580 affects MyBulletinBoard version 1.00 RC4 with Security Patch.
Where can I find more information about CVE-2005-2580?
Detailed information about CVE-2005-2580 can be found in security databases and advisories.
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/mybulletinboard
- canonical/mybulletinboard
- version/mybulletinboard/1.00_rc4_security_patch