Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2008-1486
Last Modified 05 Sep 2008 12:00:00
Published 24 Mar 2008 07:44:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1486

Summary

SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft is disabled, allows remote attackers to execute arbitrary SQL commands via the non-fulltext search.

Vulnerable Systems

Application

  • Phorum 5.0.0 Alpha

  • Phorum 5.0.1 Alpha

  • Phorum 5.0.10

  • Phorum 5.0.11

  • Phorum 5.0.12

  • Phorum 5.0.13

  • Phorum 5.0.13a

  • Phorum 5.0.14

  • Phorum 5.0.14a

  • Phorum 5.0.15

  • Phorum 5.0.15a

  • Phorum 5.0.16

  • Phorum 5.0.17

  • Phorum 5.0.17a

  • Phorum 5.0.18

  • Phorum 5.0.19

  • Phorum 5.0.2 Alpha

  • Phorum 5.0.20

  • Phorum 5.0.3 Beta

  • Phorum 5.0.4 Beta

  • Phorum 5.0.4a Beta

  • Phorum 5.0.5 Beta

  • Phorum 5.0.6 Beta

  • Phorum 5.0.7 Beta

  • Phorum 5.0.7a Beta

  • Phorum 5.0.8 Rc

  • Phorum 5.0.9

  • Phorum 5.1.13

  • Phorum 5.1.14

  • Phorum 5.1.17

  • Phorum 5.1.18

  • Phorum 5.1.20

  • Phorum 5.1.21

  • Phorum 5.1.25

  • Phorum 5.2

  • Phorum 5.2.1

  • Phorum 5.2.2

  • Phorum 5.2.3

  • Phorum 5.2.4

  • Phorum 5.2.5


References

CONFIRM - http://www.phorum.org/phorum5/read.php?64,126815,126815

XF - phorum-nonfulltext-sql-injection(41418)

BID - 28540

SECUNIA - 29519


Last Updated: 27 May 2016 10:47:08