| Name | FlexBB.Flexbb_lang_id.Cookie.Parameter.SQL.Injection |
| Release Date | Dec 08, 2009 |
| Severity | High |
| Impact | System Compromise: Remote attackers can gain control of vulnerable systems. |
| Description | This indicates an attack attempt against an SQL injection vulnerability in Flexbb.
The vulnerability exists in includes/start.php when it handles a specially crafted flexbb_lang_id COOKIE parameter. It allows a remote attacker to execute arbitrary SQL commands. |
| Affected Products | FlexBB FlexBB 1.0 10005 Beta Release 1 |
| Recommended Actions | Update to the latest versions:
http://www.flexbb.net/ |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-1729
|
| Reference/s | http://www.securityfocus.com/bid/23161 (BugTraq)
http://www.vupen.com/english/advisories/2007/1141 (FrSIRT)
|