Vulnerabilities > CVE-2002-1457 - SQL Injection vulnerability in Leszek Krupinski L-Forum 2.4.0

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
leszek-krupinski
exploit available

Summary

SQL injection vulnerability in search.php for L-Forum 2.40 allows remote attackers to execute arbitrary SQL statements via the search parameter.

Vulnerable Configurations

Part Description Count
Application
Leszek_Krupinski
1

Exploit-Db

descriptionLeszek Krupinski L-Forum 2.4 Search Script SQL Injection Vulnerability. CVE-2002-1457. Webapps exploit for php platform
idEDB-ID:21708
last seen2016-02-02
modified2002-08-14
published2002-08-14
reporterMatthew Murphy
sourcehttps://www.exploit-db.com/download/21708/
titleLeszek Krupinski L-Forum 2.4 - Search Script SQL Injection Vulnerability