{"cve": [{"lastseen": "2019-05-29T18:08:59", "bulletinFamily": "NVD", "description": "SQL injection vulnerability in forum.php in the Minerva mod 2.0.21 build 238a and earlier for phpBB allows remote attackers to execute arbitrary SQL commands via the c parameter.", "modified": "2017-10-11T01:31:00", "id": "CVE-2007-1555", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1555", "published": "2007-03-20T22:19:00", "title": "CVE-2007-1555", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "description": "## Vulnerability Description\nMinerva contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'forum.php' script not properly sanitizing user-supplied input to the 'c' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nThe vendor has discontinued the R2 release and advised to upgrade to Minerva release R3.\n## Short Description\nMinerva contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'forum.php' script not properly sanitizing user-supplied input to the 'c' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Manual Testing Notes\nhttp://[target]/forum.php?c=[SQL]\n## References:\nVendor URL: http://www.project-minerva.org\nVendor Specific News/Changelog Entry: http://www.project-minerva.org/home/viewtopic.php?f=28&t=258\nISS X-Force ID: 33082\nGeneric Exploit URL: http://www.milw0rm.com/exploits/3519\nFrSIRT Advisory: ADV-2007-1028\n[CVE-2007-1555](https://vulners.com/cve/CVE-2007-1555)\nBugtraq ID: 23036\n", "modified": "2007-03-19T22:30:16", "published": "2007-03-19T22:30:16", "href": "https://vulners.com/osvdb/OSVDB:33748", "id": "OSVDB:33748", "title": "Minerva forum.php c Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:24", "bulletinFamily": "software", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "modified": "2007-03-25T00:00:00", "published": "2007-03-25T00:00:00", "id": "SECURITYVULNS:VULN:7465", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7465", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}