Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-7040


Vulnerability Score 7.5 7.5
CVE Id CVE-2008-7040
Last Modified 24 Aug 2009 12:00:00
Published 24 Aug 2009 06:30:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



SQL injection vulnerability in ahah/sf-profile.php in the Yellow Swordfish Simple Forum module for Wordpress allows remote attackers to execute arbitrary SQL commands via the u parameter. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect.

Vulnerable Systems


  • Yellowswordfish Simple Forum -


XF - simpleforum-sfprofile-sql-injection(41578)

BID - 27854

BUGTRAQ - 20080216 WordPress SQL Injection(wp-content-simple-forum)

OSVDB - 52210

Last Updated: 27 May 2016 10:49:26