[] NeoSense
E X P L O I T S
title author type platform port cve id

OpenBB 1.0/1.1 - 'index.php' SQL Injection

Author: Albert Puigsech Galicia
type: webapps
platform: php
port: 
date_added: 2003-04-22 
date_updated: 2012-11-06 
verified: 1 
codes: OSVDB-3342 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/7401/info

It has been reported that OpenBB does not properly check input passed via the 'index.php' script. Because of this, an attacker may be able to inject arbitrary commands to the database in the context of the bulletin board software. The consequences will vary depending on the underlying database implementation.

http://www.example.com/index.php?CID=1%20<something>

where <something> represents a SQL query.
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.