CVE-2004-0343

Published: Nov 23, 2004Modified: Apr 16, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b allow remote attackers to execute arbitrary SQL via (1) the msg parameter in ModifyMessage.php or (2) the postid parameter in ModifyMessage.php.

Affected (3)

Products: Yabb: Yabb

Yabb

1 product

Yabb

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Yabb Yabb	Version 1.5.4
Yabb Yabb	Version 1.5.5
Yabb Yabb	Version 1.5.5b

References (6)

http://marc.info/?l=bugtraq&m=107816202813083&w=2

Source: cve@mitre.org

http://www.securityfocus.com/bid/9774

Source: cve@mitre.org

ExploitPatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/15354

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=107816202813083&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/9774

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/15354

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.