CVE-2008-3191

CVE-2008-3191 affects mForum 0.1a. Multiple SQL injection vulnerabilities exist in usercp.php when magic_quotes_gpc is disabled, allowing remote attackers to inject arbitrary SQL via the edit_profile fields (City, Interest, Email, Icq, msn, Yahoo Messenger). The root cause is improper handling of...