Test ID:	1.3.6.1.4.1.25623.1.0.805158
Category:	Web application abuses
Title:	SoftBB 'post' Parameter Multiple Vulnerabilities
Summary:	SoftBB is prone to multiple vulnerabilities.
Description:	Summary: SoftBB is prone to multiple vulnerabilities. Vulnerability Insight: The flaws are due to the /redir_last_post_list.php script not properly sanitizing user-supplied input to the 'post' parameter. Vulnerability Impact: Successful exploitation will allow attackers to execute arbitrary HTML and script code and inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. Affected Software/OS: SoftBB version 0.1.3, Prior version may also be affected. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-9560 BugTraq ID: 71986 http://www.securityfocus.com/bid/71986 http://seclists.org/fulldisclosure/2015/Jan/20 http://packetstormsecurity.com/files/129888/SoftBB-0.1.3-SQL-Injection.html http://tetraph.com/security/cves/cve-2014-9560-softbb-net-softbb-sql-injection-security-vulnerability/ Common Vulnerability Exposure (CVE) ID: CVE-2014-9561 BugTraq ID: 71987 http://www.securityfocus.com/bid/71987 http://seclists.org/fulldisclosure/2015/Jan/21 http://packetstormsecurity.com/files/129889/SoftBB-0.1.3-Cross-Site-Scripting.html http://tetraph.com/security/cves/cve-2014-9561-softbb-net-softbb-xss-cross-site-scripting-security-vulnerability/
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.