Back to search
CVE-2008-6777
Published: May 1, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a confirm action, the (2) user parameter in a newconfirm action, and (3) reqpwd action to member.php; and the (4) quote parameter in a post action and (5) pid parameter in an edit action to post.php, different vectors than CVE-2005-0413.2 and CVE-2007-6667.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
28280
third-party-advisory
x_refsource_SECUNIA
6879
exploit
x_refsource_EXPLOIT-DB
myphpforum-post-member-sql-injection(46238)
vdb-entry
x_refsource_XF
31995
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now