CVE-2004-0323 - OpenCVE

Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to inject arbitrary SQL and gain privileges via the (1) ppp parameter in viewthread.php, (2) desc parameter in misc.php, (3) tpp parameter in forumdisplay.php, (4) ascdesc parameter in forumdisplay.php, or (5) the addon parameter in stats.php. NOTE: it has also been shown that item (3) is also in XMB 1.9 beta.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Xmb Forum	Xmb

Configuration 1 [-]

OR	cpe:2.3:a:xmb_forum:xmb:1.8:::::::*
	cpe:2.3:a:xmb_forum:xmb:1.8_sp1:::::::*
	cpe:2.3:a:xmb_forum:xmb:1.8_sp2:::::::*

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/bugtraq/2004-02/0645.html
http://archives.neohapsis.com/archives/bugtraq/2004-03/0265.html
http://marc.info/?l=bugtraq&m=107756526625179&w=2
http://www.securityfocus.com/bid/9726
http://www.xmbforum.com/community/boards/viewthread.php?tid=746859
https://docs.xmbforum2.com/index.php?title=Security_Issue_History
https://exchange.xforce.ibmcloud.com/vulnerabilities/15295

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2004-03-18T05:00:00

Updated: 2024-08-08T00:17:14.591Z

Reserved: 2004-03-17T00:00:00

Link: CVE-2004-0323

Vulnrichment

No data.

NVD

Status : Modified

Published: 2004-12-31T05:00:00.000

Modified: 2021-04-29T15:15:09.367

Link: CVE-2004-0323

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-02-23T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to inject arbitrary SQL and gain privileges via the (1) ppp parameter in viewthread.php, (2) desc parameter in misc.php, (3) tpp parameter in forumdisplay.php, (4) ascdesc parameter in forumdisplay.php, or (5) the addon parameter in stats.php. NOTE: it has also been shown that item (3) is also in XMB 1.9 beta."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-04-29T14:37:26", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "9726", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/9726"}, {"name": "20040225 Re: [waraxe-2004-SA#004] - Multiple vulnerabilities in XMB 1.8 Partagium Final SP2", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2004-02/0645.html"}, {"name": "xmb-multiple-sql-injection(15295)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15295"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.xmbforum.com/community/boards/viewthread.php?tid=746859"}, {"name": "20040223 [waraxe-2004-SA#004] - Multiple vulnerabilities in XMB 1.8 Partagium Final SP2", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=107756526625179&w=2"}, {"name": "20040326 [waraxe-2004-SA#012 - Multiple vulnerabilities in XMB Forum 1.8 SP3 and 1.9 beta]", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2004-03/0265.html"}, {"tags": ["x_refsource_MISC"], "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0323", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to inject arbitrary SQL and gain privileges via the (1) ppp parameter in viewthread.php, (2) desc parameter in misc.php, (3) tpp parameter in forumdisplay.php, (4) ascdesc parameter in forumdisplay.php, or (5) the addon parameter in stats.php. NOTE: it has also been shown that item (3) is also in XMB 1.9 beta."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "9726", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9726"}, {"name": "20040225 Re: [waraxe-2004-SA#004] - Multiple vulnerabilities in XMB 1.8 Partagium Final SP2", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2004-02/0645.html"}, {"name": "xmb-multiple-sql-injection(15295)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15295"}, {"name": "http://www.xmbforum.com/community/boards/viewthread.php?tid=746859", "refsource": "CONFIRM", "url": "http://www.xmbforum.com/community/boards/viewthread.php?tid=746859"}, {"name": "20040223 [waraxe-2004-SA#004] - Multiple vulnerabilities in XMB 1.8 Partagium Final SP2", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=107756526625179&w=2"}, {"name": "20040326 [waraxe-2004-SA#012 - Multiple vulnerabilities in XMB Forum 1.8 SP3 and 1.9 beta]", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2004-03/0265.html"}, {"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History", "refsource": "MISC", "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T00:17:14.591Z"}, "title": "CVE Program Container", "references": [{"name": "9726", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/9726"}, {"name": "20040225 Re: [waraxe-2004-SA#004] - Multiple vulnerabilities in XMB 1.8 Partagium Final SP2", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2004-02/0645.html"}, {"name": "xmb-multiple-sql-injection(15295)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15295"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.xmbforum.com/community/boards/viewthread.php?tid=746859"}, {"name": "20040223 [waraxe-2004-SA#004] - Multiple vulnerabilities in XMB 1.8 Partagium Final SP2", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=107756526625179&w=2"}, {"name": "20040326 [waraxe-2004-SA#012 - Multiple vulnerabilities in XMB Forum 1.8 SP3 and 1.9 beta]", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2004-03/0265.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0323", "datePublished": "2004-03-18T05:00:00", "dateReserved": "2004-03-17T00:00:00", "dateUpdated": "2024-08-08T00:17:14.591Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xmb_forum:xmb:1.8:*:*:*:*:*:*:*", "matchCriteriaId": "368C1906-D897-46D8-A47E-D321311EE393", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmb_forum:xmb:1.8_sp1:*:*:*:*:*:*:*", "matchCriteriaId": "A1A6D868-8DB9-40AF-82C5-D9697876F91E", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmb_forum:xmb:1.8_sp2:*:*:*:*:*:*:*", "matchCriteriaId": "5016F4A0-C50A-4B27-B0E3-4FAA4D1645EF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to inject arbitrary SQL and gain privileges via the (1) ppp parameter in viewthread.php, (2) desc parameter in misc.php, (3) tpp parameter in forumdisplay.php, (4) ascdesc parameter in forumdisplay.php, or (5) the addon parameter in stats.php. NOTE: it has also been shown that item (3) is also in XMB 1.9 beta."}], "id": "CVE-2004-0323", "lastModified": "2021-04-29T15:15:09.367", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-12-31T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2004-02/0645.html"}, {"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2004-03/0265.html"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=107756526625179&w=2"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/9726"}, {"source": "cve@mitre.org", "url": "http://www.xmbforum.com/community/boards/viewthread.php?tid=746859"}, {"source": "cve@mitre.org", "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15295"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "XMB versions 1.9.8 SP2 and later were checked and are not vulnerable.", "lastModified": "2008-12-11T00:00:00", "organization": "XMB"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}