PHP-Ultimate WebBoard 2.0 - 'admindel.php' Multiple Input Validation Vulnerabilities

EDB-ID:

32295

CVE:

N/A


Author:

t0pP8uZz

Type:

webapps


Platform:

PHP

Date:

2008-08-25


source: https://www.securityfocus.com/bid/30822/info

PHP-Ultimate Webboard is prone multiple-input validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input.

Successful exploits will allow unauthorized attackers to delete arbitrary questions and answers. Attackers may also exploit these issues to perform SQL-injection attacks.

PHP-Ultimate Webboard 2.0 is vulnerable; other versions may also be affected. 

http://www.example.com/webboard/admindel.php?action=delete&mode=question&qno=[NUM]&ano=[NUM]