Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0413

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-0413
Last Modified 06 Dec 2010 12:00:00
Published 27 Apr 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0413

Summary

Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the fid in forum.php, (2) the member parameter in member.php, (3) the email parameter in forgot.php, or (4) the nbuser or nbpass parameters in include.php. NOTE: it was later reported that vector 2 exists in 3.0 and earlier.

Vulnerable Systems

Application

  • Myphp Forum 1.0

  • Myphp Forum 2.0

  • Myphp Forum 3.0


References

XF - myphpforum-member-sql-injection(39348)

XF - myphpforum-multiple-sql-injection(19272)

BID - 27083

BID - 12501

MILW0RM - 4822

SECTRACK - 1013136

SECUNIA - 14205

BUGTRAQ - 20050209 Several SQL injection bugs in myPHP Forum v.1.0


Last Updated: 27 May 2016 10:39:48