Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2005-3543
Last Modified: 05 Aug 2011 12:00:00
Published: 16 Nov 2005 02:42:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2005-3543

Summary

SQL injection vulnerability in search.php in Phorum 5.0.0alpha through 5.0.20, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the forum_ids parameter.

Vulnerable Systems

Application

  • Phorum 5.0.0 Alpha
  • Phorum 5.0.1 Alpha
  • Phorum 5.0.10
  • Phorum 5.0.11
  • Phorum 5.0.12
  • Phorum 5.0.13
  • Phorum 5.0.13a
  • Phorum 5.0.14
  • Phorum 5.0.14a
  • Phorum 5.0.15
  • Phorum 5.0.16
  • Phorum 5.0.17
  • Phorum 5.0.18
  • Phorum 5.0.19
  • Phorum 5.0.2 Alpha
  • Phorum 5.0.20
  • Phorum 5.0.3 Beta
  • Phorum 5.0.4 Beta
  • Phorum 5.0.4a Beta
  • Phorum 5.0.5 Beta
  • Phorum 5.0.6 Beta
  • Phorum 5.0.7 Beta
  • Phorum 5.0.7a Beta
  • Phorum 5.0.8 Rc
  • Phorum 5.0.9

References

MISC - http://www.waraxe.us/advisory-43.html

SECUNIA - 17456

BUGTRAQ - 20051104 [waraxe-2005-SA#043] - Sql injection in Phorum 5.0.20 and earlier

VUPEN - ADV-2005-2332

OSVDB - 20524

SREASON - 153

CONFIRM - http://phorum.org/story.php?57


Last Updated: 27 May 2016 10:40:58