DevoyBB Multiple Flaws Network Vulnerability

Summary

The remote host is running DevoyBB, a web based forum written in PHP. This version is vulnerable to XSS and SQL injection attacks. A malicious user can access users cookies including authentication cookies and inject SQL commands to be executed on the underlying database.

Solution

Upgrade to the latest version.

Severity

Classification

CVE CVE-2004-2177, CVE-2004-2178
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

ArticleSetup Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
Apple Safari RSS Feed Information Disclosure Vulnerability
'research_display.php' SQL Injection Vulnerability
Athena Web Registration remote command execution flaw
ArticleFR CMS 'id' Parameter SQL Injection Vulnerability

DevoyBB multiple flaws

Take action and discover your vulnerabilities