CVE-2005-3236
Cyphor 0.19 is affected by two SQL injection vulnerabilities described in CVE-2005-3236. The issues reside in (1) newmsg.php using the fid parameter and (2) lostpwd.php using the nick parameter. Successful exploitation can allow remote attackers to execute arbitrary SQL and potentially gain admin...