CoolForum entete.php pseudo Parameter SQL Injection

2005-03-17T19:47:52
ID OSVDB:14952
Type osvdb
Reporter Romano(romano_45@hotmail.com)
Modified 2005-03-17T19:47:52

Description

Vulnerability Description

CoolForum contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The 'pseudo' parameter of the 'entete.php' script is not properly sanitized, which may allow a remote attacker to inject or manipulate SQL queries.

Solution Description

Upgrade to version 0.8.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.


References:

Vendor URL: http://www.coolforum.net/
Security Tracker: 1013474
Related OSVDB ID: 14953
Related OSVDB ID: 14951
ISS X-Force ID: 19759
CVE-2005-0858
Bugtraq ID: 12852