Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0287

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2002-0287
Last Modified 10 Sep 2008 08:00:53
Published 31 May 2002 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0287

Summary

pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP server is not configured to use magic quotes by default.

Vulnerable Systems

Application

  • Powie Pforum 1.14


References

CONFIRM - http://www.powie.de/news/index.php

BUGTRAQ - 20020216 pforum: mysql-injection-bug

BID - 4114

XF - pforum-quotes-sql-injection(8203)


Last Updated: 27 May 2016 10:36:52