CVE-2007-2339 - SQL-Injection vulnerability in Phorum
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: PARTIAL
- Integrity impact: PARTIAL
- Availability impact: PARTIAL
Summary
Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow remote attackers to execute arbitrary SQL commands via (1) a modified recipients parameter name in (a) pm.php; (2) the curr parameter to the (b) badwords (aka censorlist) or (c) banlist module in admin.php; or (3) the "Edit groups / Add group" field in the (d) groups module in admin.php.
Vulnerable Configurations
Exploit-Db
- EDB-ID:29894
  - title: Phorum 5.1.20 admin.php Groups Module Edit/Add Group Field SQL Injection
  - description: Phorum 5.1.20 admin.php Groups Module Edit/Add Group Field SQL Injection. CVE-2007-2339. Webapps exploit for php platform
  - reporter: Janek Vind
  - published: 2007-04-23
  - modified: 2007-04-23
  - last seen: 2016-02-03
  - source: https://www.exploit-db.com/download/29894/
- EDB-ID:29892
  - title: Phorum 5.1.20 pm.php Recipient Name SQL Injection
  - description: Phorum 5.1.20 pm.php Recipient Name SQL Injection. CVE-2007-2339. Webapps exploit for php platform
  - reporter: Janek Vind
  - published: 2007-04-23
  - modified: 2007-04-23
  - last seen: 2016-02-03
  - source: https://www.exploit-db.com/download/29892/
- EDB-ID:29893
  - title: Phorum 5.1.20 admin.php badwords/banlist Module SQL Injection
  - description: Phorum 5.1.20 admin.php badwords/banlist Module SQL Injection. CVE-2007-2339. Webapps exploit for php platform
  - reporter: Janek Vind
  - published: 2007-04-23
  - modified: 2007-04-23
  - last seen: 2016-02-03
  - source: https://www.exploit-db.com/download/29893/
References
- http://osvdb.org/35062
- http://osvdb.org/35063
- http://osvdb.org/35064
- http://secunia.com/advisories/24932
- http://securityreason.com/securityalert/2617
- http://securitytracker.com/id?1017936
- http://www.phorum.org/story.php?76
- http://www.securityfocus.com/archive/1/466286/100/0/threaded
- http://www.securityfocus.com/bid/23616
- http://www.vupen.com/english/advisories/2007/1479
- http://www.waraxe.us/advisory-49.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34081