CVE-2004-2178

Vulnerability

DevoyBB Web Forum version 1.0.0 contains an SQL injection vulnerability. The official description states that remote attackers can execute arbitrary SQL commands via unknown vectors, indicating that the injection point(s) and required conditions were not disclosed in the publicly available reference [1]. The vulnerable version is 1.0.0.

Exploitation

The exploitation vector is not detailed in the available sources [1]. Based on the description, an attacker can trigger the vulnerability remotely over the network. No authentication or user interaction is explicitly mentioned, suggesting that the attack surface may be unauthenticated. The exact sequence of steps is unknown.

Impact

Successful exploitation allows an attacker to execute arbitrary SQL commands against the forum's database. This typically leads to information disclosure (extraction of user credentials, forum content), data manipulation, and potentially full compromise of the database server, depending on configuration and permissions.

Mitigation

The reference [1] does not provide a fix or workaround. As an early-2000s vulnerability, it is likely resolved in a later version of DevoyBB Web Forum, but no specific patched version is documented. Users running version 1.0.0 should upgrade to a supported release or discontinue use if the software is no longer maintained.