Multiple SQL Injection Vulnerabilities in Elite Bulletin Board
|Product:||Elite Bulletin Board|
|Vendor:||Elite Bulletin Board|
|Vulnerable Versions:||2.1.21 and probably prior|
|Advisory Publication:||November 28, 2012 [without technical details]|
|Vendor Notification:||November 28, 2012|
|Vendor Fix:||December 6, 2012|
|Public Disclosure:||December 19, 2012|
|Latest Update:||December 7, 2012|
|Vulnerability Type:||SQL Injection [CWE-89]|
|CVSSv2 Base Score:||7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)|
|Solution Status:||Fixed by Vendor|
|Discovered and Provided:||High-Tech Bridge Security Research Lab|
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Elite Bulletin Board, which can be exploited to perform SQL injection attacks.
|Upgrade to Elite Bulletin Board v2.1.22|
| High-Tech Bridge Advisory HTB23133 - https://www.immuniweb.com/advisory/HTB23133 - Multiple SQL Injection Vulnerabilities in Elite Bulletin Board.|
 Elite Bulletin Board - http://elite-board.us/ - Elite Bulletin Board is an advanced Bulletin Board program that provides advanced features such as CAPTCHA, sub-board, skinning ability, multilingual, commercial password encryption, and much more.
 Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
 Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
Please feel free to send us any additional information related to this Advisory, such as vulnerable versions, additional exploitation details and conditions, patches and other relevant details.