CVE-2012-5874

Multiple SQL injection vulnerabilities in the (1) update_whosonline_reg and (2) update_whosonline_guest functions in Elite Bulletin Board before 2.1.22 allow remote attackers to execute arbitrary SQL commands via the PATH_INFO to (a) checkuser.php, (b) groups.php, (c) index.php, (d) login.php, (e) quicklogin.php, (f) register.php, (g) Search.php, (h) viewboard.php, or (i) viewtopic.php.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
elite-boardelite_bulletin_board
𝑥
≤ 2.1.21
elite-boardelite_bulletin_board
2.0.0
elite-boardelite_bulletin_board
2.0.1
elite-boardelite_bulletin_board
2.0.2
elite-boardelite_bulletin_board
2.0.3
elite-boardelite_bulletin_board
2.1.0
elite-boardelite_bulletin_board
2.1.1
elite-boardelite_bulletin_board
2.1.2
elite-boardelite_bulletin_board
2.1.3
elite-boardelite_bulletin_board
2.1.4
elite-boardelite_bulletin_board
2.1.5
elite-boardelite_bulletin_board
2.1.6
elite-boardelite_bulletin_board
2.1.7
elite-boardelite_bulletin_board
2.1.8
elite-boardelite_bulletin_board
2.1.9
elite-boardelite_bulletin_board
2.1.10
elite-boardelite_bulletin_board
2.1.11
elite-boardelite_bulletin_board
2.1.12
elite-boardelite_bulletin_board
2.1.13
elite-boardelite_bulletin_board
2.1.14
elite-boardelite_bulletin_board
2.1.15
elite-boardelite_bulletin_board
2.1.16
elite-boardelite_bulletin_board
2.1.17
elite-boardelite_bulletin_board
2.1.18
elite-boardelite_bulletin_board
2.1.19
elite-boardelite_bulletin_board
2.1.20
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2012-12/0114.html
http://elite-board.us/Community/viewtopic.php?bid=1&tid=310
http://packetstormsecurity.com/files/118962/Elite-Bulletin-Board-2.1.21-SQL-Injection.html
http://secunia.com/advisories/51622
http://www.exploit-db.com/exploits/23575
http://www.osvdb.org/88531
https://www.htbridge.com/advisory/HTB23133
http://archives.neohapsis.com/archives/bugtraq/2012-12/0114.html
http://elite-board.us/Community/viewtopic.php?bid=1&tid=310
http://packetstormsecurity.com/files/118962/Elite-Bulletin-Board-2.1.21-SQL-Injection.html
http://secunia.com/advisories/51622
http://www.exploit-db.com/exploits/23575
http://www.osvdb.org/88531
https://www.htbridge.com/advisory/HTB23133