IkonBoard 3.x - Multiple SQL Injections

EDB-ID:

24986




Platform:

CGI

Date:

2004-12-16


source: https://www.securityfocus.com/bid/11982/info

Multiple remote SQL injection vulnerabilities reportedly affect Ikonboard. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries.

An attacker may exploit these issues to manipulate SQL queries to the underlying database. This may facilitate theft of sensitive information, potentially including authentication credentials, and data corruption. 

http://host/support/ikonboard.cgi?act=ST&f=27&t=13066&hl=nickname&st=[SQL_Syntax]
http://host/support/ikonboard.cgi?act=Search&CODE=01&keywords=[SQL_Syntax]&type=name&forums=all&search_in=all&prune=0