Global infos:

A vulnerability, which was classified as critical, has been found in bony2023 Discussion-Board. Affected by this issue is the function display_all_replies of the file functions/main.php. The manipulation of the argument str leads to sql injection. The patch is identified as 26439bc4c63632d63ba89ebc0f149b25a9010361. It is recommended to apply a patch to fix this issue. VDB-218378 is the identifier assigned to this vulnerability.

CVE Status: Modified

References:

[email protected]

[email protected]

[email protected]

af854a3a-2127-422b-91ae-364da2661108

af854a3a-2127-422b-91ae-364da2661108

af854a3a-2127-422b-91ae-364da2661108

Metrics:

Attribute	Value
Attack Complexity	LOW
Attack Vector	ADJACENT_NETWORK
Availability Impact	LOW
Base Score	5.5
Base Severity	MEDIUM
Confidentiality Impact	LOW
Integrity Impact	LOW
Privileges Required	LOW
Scope	UNCHANGED
User Interaction	NONE
Vector String	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Exploitability Score	2.1
Impact Score	3.4
Source	[email protected]
Type	Secondary

Links:

Exploit-db
Github