PHPBB 2.0.13 DLMan Pro Module SQL Injection Vulnerability
2005-04-06T00:00:00
ID EDB-ID:25344 Type exploitdb Reporter LovER BOY Modified 2005-04-06T00:00:00
Description
PHPBB 2.0.13 DLMan Pro Module SQL Injection Vulnerability. CVE- 2005-1026. Webapps exploit for php platform
source: http://www.securityfocus.com/bid/13028/info
The DLMan Pro mod for phpBB is reportedly affected by an SQL Injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
http://www.example.com/[phpBB]/dlman.php?func=file_info&file_id='[SQL Injection]
{"id": "EDB-ID:25344", "hash": "812e05fda1b01da3aedbc0c247bc0344", "type": "exploitdb", "bulletinFamily": "exploit", "title": "PHPBB 2.0.13 DLMan Pro Module SQL Injection Vulnerability", "description": "PHPBB 2.0.13 DLMan Pro Module SQL Injection Vulnerability. CVE- 2005-1026. Webapps exploit for php platform", "published": "2005-04-06T00:00:00", "modified": "2005-04-06T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.exploit-db.com/exploits/25344/", "reporter": "LovER BOY", "references": [], "cvelist": [], "lastseen": "2016-02-03T01:09:44", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 0.0, "vector": "NONE", "modified": "2016-02-03T01:09:44"}, "dependencies": {"references": [], "modified": "2016-02-03T01:09:44"}, "vulnersScore": 0.0}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/25344/", "sourceData": "source: http://www.securityfocus.com/bid/13028/info\r\n\r\nThe DLMan Pro mod for phpBB is reportedly affected by an SQL Injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.\r\n\r\nSuccessful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. \r\n\r\nhttp://www.example.com/[phpBB]/dlman.php?func=file_info&file_id='[SQL Injection] ", "osvdbidlist": ["15484"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}