Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote malicious users to execute arbitrary SQL commands via (1) the fid in forum.php, (2) the member parameter in member.php, (3) the email parameter in forgot.php, or (4) the nbuser or nbpass parameters in include.php. NOTE: it was later reported that vector 2 exists in 3.0 and previous versions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
myphp forum myphp forum 3.0 |
||
myphp forum myphp forum 2.0 |
||
myphp forum myphp forum 1.0 |