Sql injection

2010-06-0218:30:00

PRIOn knowledge base

www.prio-n.com

8.7 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.6%

JSON

SQL injection vulnerability in contact.php in My Little Forum allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-2942.

CPENameOperatorVersion
my_little_forumeq2.1.1
my_little_forumeq2.2.3
my_little_forumeq2.2.2
my_little_forumeq1.7.6
my_little_forumeq2.1.2
my_little_forumeq2.2
my_little_forumeq2.1.4
my_little_forumeq2.2.1
my_little_forumeq2.1.3
my_little_forumeq2.0.2

Name	Operator	Version
my_little_forum	eq	2.1.1
my_little_forum	eq	2.2.3
my_little_forum	eq	2.2.2
my_little_forum	eq	1.7.6
my_little_forum	eq	2.1.2
my_little_forum	eq	2.2
my_little_forum	eq	2.1.4
my_little_forum	eq	2.2.1
my_little_forum	eq	2.1.3
my_little_forum	eq	2.0.2

References

packetstormsecurity.org/1003-exploits/mlf-sql.txt

www.securityfocus.com/bid/38485

exchange.xforce.ibmcloud.com/vulnerabilities/56618

www.exploit-db.com/exploits/11616