MyPHP Forum forgot.php email Parameter SQL Injection

2005-02-10T08:40:33
ID OSVDB:13680
Type osvdb
Reporter foster GHC(foster@ghc.ru)
Modified 2005-02-10T08:40:33

Description

Vulnerability Description

MyPHP Forum contains a flaw that may allow an attacker to inject arbitrary SQL queries. The "$email" variable in the "forgot.php" script is not properly sanitized, which may allow an attacker to inject or manipulate SQL queries.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
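
The general shape of a fix for this class of flaw, as an added example that is not MyPHP Forum code: the lookup binds the email value as a query parameter instead of building the SQL string from it. The schema (a "member" table with "username" and "email" columns), the function name and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration; not MyPHP Forum source. The table and column names
// and the function name are hypothetical.

function findMemberByEmail(PDO $db, string $email): ?string
{
    // Syntax and length check first. This narrows the input but is not the
    // defence: RFC 5322 permits an apostrophe in the local part of an address.
    if (strlen($email) > 254 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    // The value is bound, never concatenated, so any quote characters in it
    // are treated as data and cannot change the structure of the query.
    $stmt = $db->prepare('SELECT username FROM member WHERE email = :email LIMIT 1');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    return $row === false ? null : (string) $row['username'];
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE member (username TEXT, email TEXT)');
$insert = $db->prepare('INSERT INTO member (username, email) VALUES (?, ?)');
$insert->execute(['alice', 'alice@example.com']);
$insert->execute(['obrien', "o'brien@example.com"]);

// Constructed inputs: a plain address, an address containing an apostrophe,
// an unregistered address, and a string that is not an address at all.
$inputs = ['alice@example.com', "o'brien@example.com", 'nobody@example.com', 'not an address'];
foreach ($inputs as $input) {
    $username = findMemberByEmail($db, $input);
    printf("%-22s => %s\n", $input, $username ?? '(no match)');
}
```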

References:

Vendor URL: http://www.myphp.ws/
Security Tracker: 1013136
Secunia Advisory ID: 14205
Related OSVDB ID: 13678
Related OSVDB ID: 13679
Related OSVDB ID: 13681
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-02/0056.html
CVE-2005-0413