Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for ajax_forum_stat by mybb

    CVE-2013-6936 (GCVE-0-2013-6936)

    Vulnerability from nvd – Published: 2013-12-04 15:00 – Updated: 2024-08-06 17:53
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/100030 vdb-entryx_refsource_OSVDB
    http://www.exploit-db.com/exploits/29797 exploitx_refsource_EXPLOIT-DB
    http://packetstormsecurity.com/files/124091/MyBB-… x_refsource_MISC
    http://www.iedb.ir/exploits-889.html x_refsource_MISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://seclists.org/bugtraq/2013/Nov/102 mailing-listx_refsource_BUGTRAQ
    Date Public
    2013-11-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:53:45.329Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "100030",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/100030"
              },
              {
                "name": "29797",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/29797"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/124091/MyBB-Ajaxfs-SQL-Injection.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.iedb.ir/exploits-889.html"
              },
              {
                "name": "mybb-ajaxfs-sql-injection(89084)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89084"
              },
              {
                "name": "20131120 Mybb Ajaxfs Plugin Sql Injection vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://seclists.org/bugtraq/2013/Nov/102"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-11-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "100030",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/100030"
            },
            {
              "name": "29797",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/29797"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/124091/MyBB-Ajaxfs-SQL-Injection.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.iedb.ir/exploits-889.html"
            },
            {
              "name": "mybb-ajaxfs-sql-injection(89084)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89084"
            },
            {
              "name": "20131120 Mybb Ajaxfs Plugin Sql Injection vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://seclists.org/bugtraq/2013/Nov/102"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-6936",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "100030",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/100030"
                },
                {
                  "name": "29797",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/29797"
                },
                {
                  "name": "http://packetstormsecurity.com/files/124091/MyBB-Ajaxfs-SQL-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/124091/MyBB-Ajaxfs-SQL-Injection.html"
                },
                {
                  "name": "http://www.iedb.ir/exploits-889.html",
                  "refsource": "MISC",
                  "url": "http://www.iedb.ir/exploits-889.html"
                },
                {
                  "name": "mybb-ajaxfs-sql-injection(89084)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89084"
                },
                {
                  "name": "20131120 Mybb Ajaxfs Plugin Sql Injection vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://seclists.org/bugtraq/2013/Nov/102"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-6936",
        "datePublished": "2013-12-04T15:00:00.000Z",
        "dateReserved": "2013-12-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:53:45.329Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-6936 (GCVE-0-2013-6936)

    Vulnerability from cvelistv5 – Published: 2013-12-04 15:00 – Updated: 2024-08-06 17:53
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/100030 vdb-entryx_refsource_OSVDB
    http://www.exploit-db.com/exploits/29797 exploitx_refsource_EXPLOIT-DB
    http://packetstormsecurity.com/files/124091/MyBB-… x_refsource_MISC
    http://www.iedb.ir/exploits-889.html x_refsource_MISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://seclists.org/bugtraq/2013/Nov/102 mailing-listx_refsource_BUGTRAQ
    Date Public
    2013-11-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:53:45.329Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "100030",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/100030"
              },
              {
                "name": "29797",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/29797"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/124091/MyBB-Ajaxfs-SQL-Injection.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.iedb.ir/exploits-889.html"
              },
              {
                "name": "mybb-ajaxfs-sql-injection(89084)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89084"
              },
              {
                "name": "20131120 Mybb Ajaxfs Plugin Sql Injection vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://seclists.org/bugtraq/2013/Nov/102"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-11-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "100030",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/100030"
            },
            {
              "name": "29797",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/29797"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/124091/MyBB-Ajaxfs-SQL-Injection.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.iedb.ir/exploits-889.html"
            },
            {
              "name": "mybb-ajaxfs-sql-injection(89084)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89084"
            },
            {
              "name": "20131120 Mybb Ajaxfs Plugin Sql Injection vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://seclists.org/bugtraq/2013/Nov/102"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-6936",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "100030",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/100030"
                },
                {
                  "name": "29797",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/29797"
                },
                {
                  "name": "http://packetstormsecurity.com/files/124091/MyBB-Ajaxfs-SQL-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/124091/MyBB-Ajaxfs-SQL-Injection.html"
                },
                {
                  "name": "http://www.iedb.ir/exploits-889.html",
                  "refsource": "MISC",
                  "url": "http://www.iedb.ir/exploits-889.html"
                },
                {
                  "name": "mybb-ajaxfs-sql-injection(89084)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89084"
                },
                {
                  "name": "20131120 Mybb Ajaxfs Plugin Sql Injection vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://seclists.org/bugtraq/2013/Nov/102"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-6936",
        "datePublished": "2013-12-04T15:00:00.000Z",
        "dateReserved": "2013-12-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:53:45.329Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }