2 matches found
CVE-2002-0287
The vulnerability affects Powie PHP Forum versions prior to 1.15. The root cause is that PHP magic_quotes is not explicitly enabled by default, enabling an attacker to bypass authentication and gain administrator privileges via an SQL injection when the PHP server is not configured to use magic q...
CVE-2002-0319
CVE-2002-0319 describes a cross-site scripting vulnerability in edituser.php for pforum versions 1.14 and earlier. The issue allows remote attackers to inject JavaScript via the username, enabling them to execute script and potentially steal cookies from other users. Affected component: pforum’s ...