CoolForum register.php login Parameter SQL Injection

2005-03-17T19:47:52
ID OSVDB:14953
Type osvdb
Reporter Romano (romano_45@hotmail.com)
Modified 2005-03-17T19:47:52

Description

Vulnerability Description

CoolForum contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The 'login' parameter in the 'register.php' script is not properly sanitized, so a remote attacker may be able to inject or manipulate SQL queries.

Solution Description

Upgrade to version 0.8.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.coolforum.net/
Security Tracker: 1013474
Related OSVDB ID: 14951
Related OSVDB ID: 14952
ISS X-Force ID: 19759
CVE-2005-0858
Bugtraq ID: 12852