Bigforum SQL Injection and Arbitrary File Upload

July 29th, 2010

Application: Bigforum
Affected Versions: 5.2 and other versions.
Vendor’s URL: Bigforum
Bug Type: SQL Injection and Arbitrary File Upload
Risk Level:

Solution:
Edit the source code to ensure that input is properly sanitised. Restrict access to the “images/avatar/” directory (e.g. via .htaccess).
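
One way to apply the directory restriction, as an added example that is not part of the original advisory or Bigforum's own configuration. It assumes Apache 2.4, an AllowOverride setting that permits Options, FileInfo and AuthConfig in this directory, and avatar file names with a single image extension.

```apache
# images/avatar/.htaccess (constructed example)

# No directory listings and no CGI execution from the upload directory.
Options -Indexes -ExecCGI

# Drop AddHandler/AddType mappings that would hand uploaded files to PHP.
RemoveHandler .php .phtml .php3 .php4 .php5 .phar
RemoveType .php .phtml .php3 .php4 .php5 .phar

# Deny every request into this directory by default ...
Require all denied

# ... then allow only names of the form <name>.<image extension>.
# Names containing more than one dot (e.g. "x.php.jpg") do not match
# and stay denied, so a script uploaded here is never served or executed.
<FilesMatch "^[^.]+\.(?i:gif|jpe?g|png)$">
    Require all granted
</FilesMatch>
```

This limits what an uploaded file can do once it is on disk; the upload handler and the SQL queries still need the input validation described above.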
