NVD

Id
15436  
Name
CVE-2010-4151  
Description
SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-18  
Published
2010-11-03  
Modified Date
2010-11-04  
Seq
2010-4151  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
87037 15436 CVE-2010-4151 http://packetstormsecurity.org/1010-exploits/deluxebb13x-sql.txt  View
87038 15436 CVE-2010-4151 http://www.deluxebb.com/community/topic.php?tid=993  View
87039 15436 CVE-2010-4151 http://www.htbridge.ch/advisory/sql_injection_in_deluxebb.html  View
87040 15436 CVE-2010-4151 20101019 SQL injection in DeluxeBB  View
87041 15436 CVE-2010-4151 44259  View
87042 15436 CVE-2010-4151 deluxebb-xthedateformat-sql-injection(62660)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
37575 JVNDB-2010-003360 DeluxeBB における SQL インジェクションの脆弱性 DeluxeBB の misc.php には、SQL インジェクションの脆弱性が存在します。 CVE-2010-4151 46731 CVE-2010-4151 15436 6.8 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-003360.html 2010-11-03 2012-03-27 View