Phorum read.php Second Argument SQL Injection

2004-10-24T07:46:15
ID OSVDB:11129
Type osvdb
Reporter Positive Technologies(pt@ptsecurity.ru)
Modified 2004-10-24T07:46:15

Description

Vulnerability Description

Phorum contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that the application does not validate user-supplied input upon submission to the 'read.php' script and will allow a remote attacker to inject or manipulate SQL queries.

Solution Description

Upgrade to version 5.0.12 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Phorum contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that the application does not validate user-supplied input upon submission to the 'read.php' script and will allow a remote attacker to inject or manipulate SQL queries.

Manual Testing Notes

http://[victim]/read.php?1,[SQL CODE HERE],newer

References:

Vendor URL: http://phorum.org/ Vendor Specific News/Changelog Entry: http://phorum.org/changelog-5.txt Vendor Specific News/Changelog Entry: http://phorum.org/cvs-changelog-5.txt Security Tracker: 1011921 Secunia Advisory ID:12980 Other Advisory URL: http://www.ptsecurity.ru/advisory.asp CVE-2004-2240 Bugtraq ID: 11538