Online Notice Board
Monthly
Critical SQL injection vulnerability in 1000projects Online Notice Board version 1.0 affecting the /register.php file's fname parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries and potentially exfiltrate or modify database contents. The vulnerability has been publicly disclosed with exploit code availability, creating immediate risk for deployed instances. With a CVSS score of 7.3 and network-accessible attack vector requiring no authentication, this poses significant risk to organizations using this software, though CVSS does not reflect the severity as 'critical' (which typically requires CVSS ≥9.0).
A vulnerability was found in 1000 Projects Online Notice Board 1.0 and classified as critical.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Critical SQL injection vulnerability in 1000projects Online Notice Board version 1.0 affecting the /register.php file's fname parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries and potentially exfiltrate or modify database contents. The vulnerability has been publicly disclosed with exploit code availability, creating immediate risk for deployed instances. With a CVSS score of 7.3 and network-accessible attack vector requiring no authentication, this poses significant risk to organizations using this software, though CVSS does not reflect the severity as 'critical' (which typically requires CVSS ≥9.0).
A vulnerability was found in 1000 Projects Online Notice Board 1.0 and classified as critical.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.