Lucene search
MitreCVE-2008-3191HistoryJul 16, 2008 - 6:41 p.m.
CVE-2008-3191
2008-07-1618:41:00
CWE-89
mitre
web.nvd.nist.gov
22
cve-2008-3191
sql injection
mforum
usercp.php
remote code execution
nvd
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
8.5
Confidence
Low
EPSS
0.001
Percentile
50.0%
Multiple SQL injection vulnerabilities in usercp.php in mForum 0.1a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) City, (2) Interest, (3) Email, (4) Icq, (5) msn, or (6) Yahoo Messenger field in an edit_profile action.
Affected configurations
Node
marcioforummforumMatch0.1a
| Vendor | Product | Version | CPE |
|---|---|---|---|
| marcioforum | mforum | 0.1a | cpe:2.3:a:marcioforum:mforum:0.1a:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2008-3191
2008-07-16 18:00:00
exploitdb
exploitdb
MFORUM 0.1a - Arbitrary Add Admin
2008-07-13 00:00:00
nvd
nvd
CVE-2008-3191
2008-07-16 18:41:00
prion
prion
Sql injection
2008-07-16 18:41:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
8.5
Confidence
Low
EPSS
0.001
Percentile
50.0%
Related for CVE-2008-3191