|
|
|||
| Rule General Information |
|---|
| Release Date: | 2025-05-14 | |
| Rule Name: | Gnuboard5 v5.3.2.8 install_db.php SQL Injection Vulnerability (CVE-2020-18662) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | GNUBOARD5 is a Web forum system based on PHP and MySQL. gnuboard5 v5.3.2.8 has a security vulnerability. This vulnerability stems from the SQL injection vulnerability in gnuboard5 v5.3.2.8 by installing the table prefix parameter of db.php. Attackers can exploit this vulnerability to obtain database permissions, and by further exploiting it, they can obtain server permissions. | |
| Impact: | An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | https://github.com/LoRexxar/CVE_Request/tree/master/gnuboard5%20mul%20vuls%20before%20v5.3.2.8#sql-injection-in-install_dbphp https://github.com/gnuboard/gnuboard5/issues/43 https://www.seebug.org/vuldb/ssvid-97927 |
|
| Solutions |
|---|
| Please refer to announcements or patches release by the vendor: https://github.com/gnuboard/gnuboard5/issues/43 |