CVE-2004-2754
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2004-2754
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
YABB SE SSI.php ID_MEMBER参数SQL注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Yabb Se是一款基于PHP/MySQL的论坛程序。 Yabb Se包含的SSI.php没有充分过滤用户提交的URI参数,远程攻击者可以利用这个漏洞进行SQL注入攻击,可能获得敏感信息或修改数据库。 SSI.php文件返回一些论坛最近论题,版面统计等一些信息,由于对ID_MEMBER参数缺少充分的过滤,攻击者可以提交恶意SQL命令,更改原有数据库逻辑,获得敏感信息或修改数据库。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2004-2754
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2004-2754
请登录查看更多情报信息。
- http://www.yabbse.org/community/index.php?thread=27122x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2004-2754
Same Patch Batch · n/a · 2007-11-15 · 75 CVEs total
| CVE-2007-4689 | Apple Mac OS X 网络组件双重释放漏洞 | |
| CVE-2007-5982 | X7 Chat 多个跨站脚本攻击漏洞 | |
| CVE-2006-7229 | skge Driver Spin_Unlock spin_lock/spin_unlock函数远程拒绝服务漏洞 | |
| CVE-2007-4697 | Apple Mac OS X内存破坏漏洞 | |
| CVE-2007-4696 | Apple Mac OS X WebCore竞争条件漏洞 | |
| CVE-2007-4695 | Apple Mac OS X WebCore未明输入验证漏洞 | |
| CVE-2007-4694 | Apple Mac OS X Safari远程访问控制漏洞 | |
| CVE-2007-4693 | Apple Mac OS X SecurityAgent身份验证绕过漏洞 | |
| CVE-2007-4691 | Apple Mac OS X NSURL访问控制绕过漏洞 | |
| CVE-2007-4690 | Apple Mac OS X NFS组件双重释放漏洞 | |
| CVE-2007-4692 | Apple Mac OS X Safari的Tabbed功能敏感信息泄露漏洞 | |
| CVE-2007-4688 | Apple Mac OS X 网络组件访问控制漏洞 | |
| CVE-2007-4687 | Apple Mac OS X remote_cmds组件目录遍历漏洞 | |
| CVE-2007-4686 | Apple Mac OS X ttioctl整数溢出漏洞 | |
| CVE-2007-4685 | Apple Mac OS X kernel 本地用户权限提升漏洞 | |
| CVE-2007-4684 | Apple Mac OS X kernel整数溢出多个安全漏洞 | |
| CVE-2007-4683 | Apple Mac OS X kernel目录遍历漏洞 | |
| CVE-2007-4682 | Apple Mac OS X CoreText拒绝服务攻击漏洞 | |
| CVE-2007-4681 | Apple Mac OS X CoreFoundation缓冲区溢出漏洞 | |
| CVE-2007-4680 | Apple Mac OS X 敏感信息泄露漏洞 |
Showing top 20 of 75 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
V. Comments for CVE-2004-2754
No comments yet