Multiple SQL Injection Vulnerabilities in Elite Bulletin Board before 2.1.22

Multiple SQL Injection Vulnerabilities in Elite Bulletin Board before 2.1.22

CVE-2012-5874 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in the (1) update_whosonline_reg and (2) update_whosonline_guest functions in Elite Bulletin Board before 2.1.22 allow remote attackers to execute arbitrary SQL commands via the PATH_INFO to (a) checkuser.php, (b) groups.php, (c) index.php, (d) login.php, (e) quicklogin.php, (f) register.php, (g) Search.php, (h) viewboard.php, or (i) viewtopic.php.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.