2 matches found
CVE-2004-1938
This CVE (CVE-2004-1938) concerns a SQL injection in Phorum 3.4.7’s userlogin.php. The vulnerability is triggered by doubly hex-encoded input (e.g., "%2527" which becomes a single quote) via the phorum_uriauth parameter to list.php, allowing remote attackers to execute arbitrary SQL commands. The...
CVE-2004-1938
SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows remote attackers to execute arbitrary SQL commands via doubly hex-encoded characters such as "%2527", which is translated to "'", as demonstrated using the phorumuriauth parameter to list.php...