VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026

CVE-2004-2062

CVE-2004-2062

Description

SQL injection in AntiBoard 0.7.2 and earlier allows remote attackers to execute arbitrary SQL via the thread_id, parent_id, or mode parameters.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

SQL injection in AntiBoard 0.7.2 and earlier allows remote attackers to execute arbitrary SQL via the thread_id, parent_id, or mode parameters.

Vulnerability

AntiBoard versions 0.7.2 and earlier are vulnerable to SQL injection in the antiboard.php script. The thread_id, parent_id, and mode parameters are not properly sanitized before being used in SQL queries, allowing an attacker to inject arbitrary SQL statements. This issue is documented in a Bugtraq post [2].

Exploitation

An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable antiboard.php script with malicious SQL code in any of the three parameters (thread_id, parent_id, or mode). No authentication is required, and the attack can be performed remotely over the network. The attacker simply needs to manipulate the parameter values to break out of the intended SQL syntax and execute arbitrary commands.

Impact

Successful exploitation allows the attacker to execute arbitrary SQL queries against the database backend (MySQL or PostgreSQL). This can lead to unauthorized reading, modification, or deletion of data, including user credentials and private messages. In some cases, the attacker may be able to escalate privileges or gain administrative access to the bulletin board.

Mitigation

No official patch was released for this vulnerability. Users of AntiBoard 0.7.2 or earlier should upgrade to a newer version if available, or apply input sanitization and parameterized queries to the affected parameters. As the software is likely end-of-life, migrating to an alternative bulletin board system is recommended.

References
  1. 'AntiBoard <= 0.7.2 XSS/SQL Injection'

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

8
  • Antiboard/Antiboard8 versions
    cpe:2.3:a:antiboard:antiboard:0.6:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:a:antiboard:antiboard:0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:antiboard:antiboard:0.61:*:*:*:*:*:*:*
    • cpe:2.3:a:antiboard:antiboard:0.62:*:*:*:*:*:*:*
    • cpe:2.3:a:antiboard:antiboard:0.63:*:*:*:*:*:*:*
    • cpe:2.3:a:antiboard:antiboard:0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:antiboard:antiboard:0.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:antiboard:antiboard:0.7.2:*:*:*:*:*:*:*
    • (no CPE)range: <=0.7.2

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

4

News mentions

0

No linked articles in our index yet.