Unrated severityNVD Advisory· Published Dec 31, 2014· Updated May 6, 2026

CVE-2014-9254

Description

bb_func_unsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows remote attackers to conduct SQl injection attacks via the code parameter in an unsubscribe action to index.php.

Affected products

Minibb/Minibb
cpe:2.3:a:minibb:minibb:*:*:*:*:*:*:*:*
Range: <=3.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.szurek.pl/minibb-31-blind-sql-injection.htmlnvdExploit
www.minibb.com/forums/news-9/blind-sql-injection-fix-6430.htmlnvdVendor Advisory
secunia.com/advisories/61794nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000