Vulnerabilities > Berlios > Discussion Forum 2K
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-02-10 | CVE-2008-6100 | SQL Injection vulnerability in Berlios Discussion Forum 2K 3.3 Multiple SQL injection vulnerabilities in Discussion Forums 2k 3.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter to (a) RSS1.php and (b) RSS2.php in misc/; and the (2) SubID parameter to (c) misc/RSS5.php. | 6.8 |