Title: WowBB Forum Multiple Unspecified Remote Input Validation Vulnerabilities
Severity: MODERATE
Description:
WowBB Forum is a typical web-based forum application implemented in PHP with an SQL database backend. It can be deployed on UNIX and its variants as well as on Microsoft Windows.
WowBB is reportedly affected by multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input before including it in dynamic web content and SQL database queries.
Reportedly, multiple cross-site scripting and SQL-injection attacks affect various parameters when processed by various scripts. It is currently not known which scripts or parameters are affected; this BID will be updated as more information is released.
An attacker can leverage these issues to manipulate or reveal database contents through SQL-injection attacks and may carry out other attacks and steal cookie-based authentication credentials through cross-site scripting attacks.
Affected Products:
- WowBB Web Forum
- WowBB Web Forum 1.6.0
- WowBB Web Forum 1.61.0
- WowBB Web Forum 1.62.0
References:
- MaxPatrol: Advisories
- WowBB: WowBB Home Page