Monday, December 24, 2012

HTB23133: Elite Bulletin Board multiple SQL injection vulnerabilities

High-Tech Bridge Security Research Lab discovered multiple SQL injection vulnerabilities in Elite Bulletin Board 2.1.21.

The vulnerabilities exist due to insufficient sanitization of user-supplied data in the URI in the "update_whosonline_reg()" and "update_whosonline_guest()" functions within the "/includes/user_function.php" script. Many scripts are vulnerable to this attack. More information: High-Tech Bridge Advisory HTB23133 - Multiple SQL Injection Vulnerabilities in Elite Bulletin Board.

Upgrade to Elite Bulletin Board v2.1.22 to fix these issues.
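
The class of flaw described above, as an added example that is not Elite Bulletin Board's code or taken from the advisory: a who's-online tracker that records the request URI, first by string concatenation and then with a bound parameter. The table, column and function names are hypothetical, and PDO with an in-memory SQLite database is assumed so the script runs stand-alone.

```php
<?php
// Added example, not Elite Bulletin Board code. The table layout, column
// names and function names below are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE whos_online (session_id TEXT PRIMARY KEY, location TEXT, seen_at INTEGER)');

// Pattern the advisory describes: the request URI is pasted into the SQL text.
function track_guest_concat(PDO $db, string $sid, string $uri): void
{
    $db->exec("INSERT OR REPLACE INTO whos_online (session_id, location, seen_at)
               VALUES ('$sid', '$uri', " . time() . ")");
}

// Hardened form: the statement text is fixed and the URI is bound as data.
function track_guest_bound(PDO $db, string $sid, string $uri): void
{
    $stmt = $db->prepare('INSERT OR REPLACE INTO whos_online (session_id, location, seen_at)
                          VALUES (:sid, :uri, :ts)');
    $stmt->execute([':sid' => $sid, ':uri' => $uri, ':ts' => time()]);
}

// Constructed sample URIs; the second only contains a stray quote character.
$uris = ['/viewtopic.php?id=7', "/search.php?q=o'brien"];

foreach ($uris as $i => $uri) {
    foreach (['track_guest_concat', 'track_guest_bound'] as $fn) {
        try {
            $fn($db, "sess$i", $uri);
            // Read the row back and check the URI was stored byte for byte.
            $stored = $db->query("SELECT location FROM whos_online WHERE session_id = 'sess$i'")->fetchColumn();
            printf("%-20s %-26s stored=%s\n", $fn, $uri, var_export($stored === $uri, true));
        } catch (PDOException $e) {
            // The quote ended the string literal early, so the URI became SQL syntax.
            printf("%-20s %-26s SQL error: input changed the statement\n", $fn, $uri);
        }
    }
}
```

Because tracking of this kind runs from a shared include on every request, any script that calls it inherits the flaw, which is consistent with the advisory's remark that many scripts are affected.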
