CVE-2023-34249

Description

benjjvi/PyBB is an open source bulletin board. Prior to commit dcaeccd37198ecd3e41ea766d1099354b60d69c2, benjjvi/PyBB is vulnerable to SQL Injection. This vulnerability has been fixed as of commit dcaeccd37198ecd3e41ea766d1099354b60d69c2. As a workaround, a user may be able to update the software manually to avoid this problem by sanitizing user queries to `BulletinDatabaseModule.py`.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

benjjvi / PyBB< dcaeccd37198ecd3e41ea766d1099354b60d69c2 – < dcaeccd37198ecd3e41ea766d1099354b60d69c2

References

VENDOR_ADVISORYhttps://github.com/benjjvi/PyBB/security/advisories/GHSA-5qrx-fgxq-95gg
PATCHhttps://github.com/benjjvi/PyBB/commit/dcaeccd37198ecd3e41ea766d1099354b60d69c2