Vulnerability Details CVE-2023-34249
benjjvi/PyBB is an open source bulletin board. Prior to commit dcaeccd37198ecd3e41ea766d1099354b60d69c2, benjjvi/PyBB is vulnerable to SQL Injection. This vulnerability has been fixed as of commit dcaeccd37198ecd3e41ea766d1099354b60d69c2. As a workaround, a user may be able to update the software manually to avoid this problem by sanitizing user queries to `BulletinDatabaseModule.py`.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.0%
CVSS Severity
CVSS v3 Score 9.8
References
- https://github.com/benjjvi/PyBB/commit/dcaeccd37198ecd3e41ea766d1099354b60d69c2
- https://github.com/benjjvi/PyBB/security/advisories/GHSA-5qrx-fgxq-95gg
- https://github.com/benjjvi/PyBB/commit/dcaeccd37198ecd3e41ea766d1099354b60d69c2
- https://github.com/benjjvi/PyBB/security/advisories/GHSA-5qrx-fgxq-95gg
Products affected by CVE-2023-34249
-
cpe:2.3:a:pybb_project:pybb:-