Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3191

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-3191
Last Modified 29 Jan 2009 01:52:31
Published 16 Jul 2008 02:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3191

Summary

Multiple SQL injection vulnerabilities in usercp.php in mForum 0.1a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) City, (2) Interest, (3) Email, (4) Icq, (5) msn, or (6) Yahoo Messenger field in an edit_profile action.

Vulnerable Systems

Application

  • Marcioforum Mforum 0.1a


References

XF - mforum-usercp-sql-injection(43757)

BID - 30214

MILW0RM - 6068

SREASON - 4003


Last Updated: 27 May 2016 10:48:06