Ikonboard多个远程SQL注入漏洞

漏洞信息详情

Ikonboard多个远程SQL注入漏洞

• CNNVD编号：CNNVD-200412-663
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2004-1406
  
• 漏洞类型：
  
  
  SQL注入
  
• 发布时间：
  
  2004-12-31
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2006-09-08
  
• 厂        商：
  
  ikonboard.com
• 漏洞来源：
  This issue was rev…

Ikonboard 3.1.0版本到3.1.3版本存在SQL注入漏洞。远程攻击者可以借助(1)st或(2)keywords参数注入任意SQL命令。

The vendor has released a patch to address this vulnerability:
Ikonboard.com ikonboard 3.1.1

• Ikonboard.com ikonboard 3.1.x Patch
  
  http://forums.ikonboard.com/support/ikonboard.cgi?act=Attach;ID=167;f=
  70;t=14725;p=74492

Ikonboard.com ikonboard 3.1.2 a

• Ikonboard.com ikonboard 3.1.x Patch
  
  http://forums.ikonboard.com/support/ikonboard.cgi?act=Attach;ID=167;f=
  70;t=14725;p=74492

来源: BID
名称: 11982
链接:http://www.securityfocus.com/bid/11982

来源: XF
名称: ikonboard-ikonboard-sql-injection(18533)
链接:http://xforce.iss.net/xforce/xfdb/18533

来源: SECUNIA
名称: 13513
链接:http://secunia.com/advisories/13513

来源: BUGTRAQ
名称: 20041216 [MaxPatrol] SQL-injection in Ikonboard 3.1.x
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=110321654705580&w=2