Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2) cat parameters.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:38
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/27406 - Vendor Advisory | |
References | () http://www.inj3ct-it.org/exploit/Multi_Host.txt - Exploit | |
References | () http://www.securityfocus.com/archive/1/482838/100/0/threaded - | |
References | () http://www.securityfocus.com/bid/26213 - Exploit | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/37461 - |
Information
Published : 2007-10-29 19:46
Updated : 2024-11-21 00:38
NVD link : CVE-2007-5688
Mitre link : CVE-2007-5688
CVE.ORG link : CVE-2007-5688
JSON object : View
Products Affected
phpbb
- phpbb
sebflipper
- multi-forums_module
invision_power_services
- invision_power_board
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')