Vulnerability Details CVE-2014-9254
bb_func_unsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows remote attackers to conduct SQl injection attacks via the code parameter in an unsubscribe action to index.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.7%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/61794
- http://security.szurek.pl/minibb-31-blind-sql-injection.html
- http://www.minibb.com/forums/news-9/blind-sql-injection-fix-6430.html
- http://secunia.com/advisories/61794
- http://security.szurek.pl/minibb-31-blind-sql-injection.html
- http://www.minibb.com/forums/news-9/blind-sql-injection-fix-6430.html