Sir: >> Gnuboard >> 4.31.03 Security Vulnerabilities
SQL injection vulnerability in bbs/tb.php in Gnuboard 4.33.02 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.
CVSS Score
7.5
EPSS Score
0.006
Published
2011-11-04
Directory traversal vulnerability in common.php in SIR GNUBoard 4.31.03 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the g4_path parameter. NOTE: in some environments, this can be leveraged for remote code execution via a data: URI or a UNC share pathname.
CVSS Score
6.8
EPSS Score
0.026
Published
2009-01-27