CVE-2010-4151

SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
VendorProductVersion
deluxebbdeluxebb
𝑥
≤ 1.3
deluxebbdeluxebb
1.0
deluxebbdeluxebb
1.1
deluxebbdeluxebb
1.2
deluxebbdeluxebb
1.05
deluxebbdeluxebb
1.06
deluxebbdeluxebb
1.07
deluxebbdeluxebb
1.08
deluxebbdeluxebb
1.09
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.org/1010-exploits/deluxebb13x-sql.txt
http://secunia.com/advisories/41918
http://www.deluxebb.com/community/topic.php?tid=993
http://www.htbridge.ch/advisory/sql_injection_in_deluxebb.html
http://www.securityfocus.com/archive/1/514374/100/0/threaded
http://www.securityfocus.com/bid/44259
https://exchange.xforce.ibmcloud.com/vulnerabilities/62660
http://packetstormsecurity.org/1010-exploits/deluxebb13x-sql.txt
http://secunia.com/advisories/41918
http://www.deluxebb.com/community/topic.php?tid=993
http://www.htbridge.ch/advisory/sql_injection_in_deluxebb.html
http://www.securityfocus.com/archive/1/514374/100/0/threaded
http://www.securityfocus.com/bid/44259
https://exchange.xforce.ibmcloud.com/vulnerabilities/62660