HTTP: MercuryBoard index.php SQL Injection
This signature detects an attempt to exploit a SQL injection vulnerability in MercuryBoard 1.1.4. By submitting a maliciously crafted request, an attacker can steal the MercuryBoard administrator password.
Extended Description
MercuryBoard is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Affected Products
Mercuryboard message_board
References
BugTraq: 14015
CVE: CVE-2005-0663
URL: http://www.mercuryboard.com/ http://www.securityfocus.com/archive/1/402929
Short Name
HTTP:SQL:INJ:MERCURY-UA
Severity
Warning
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2005-0663 Injection MercuryBoard SQL bid:14015 index.php
Release Date
08/31/2006
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Mercuryboard
CVSS Score
7.5