admin
07-01-2005, 12:14 AM
Phorum
http://phorum.org
June 30, 2005
http://securityfocus.com/bid/14095/info
Phorum is prone to SQL injection attacks. Insufficient sanitization of
user input may allow a malicious user to manipulate the structure and
logic of database queries.
Successful exploitation could allow the attacker to compromise security
properties of the application and the database. Possible consequences
include unauthorized access to the application and database.
This issue has been reported to exist in Phorum 5.0.11. Earlier versions
may also be affected.
Exploit:
http://www.example.com/read.php?1,[MALICIOUS_SQL_CODE],newer
Solution:
Users may upgrade to version 5.0.12 or higher.
References:
http://securityfocus.com/bid/14095/info
--
[phpsec] Mailing List
Brought to you by php|architect - http://www.phparch.com
For account maintenance, please visit http://www.phparch.com/phpsec
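As an added illustration (not Phorum's code and not part of the advisory), the PHP below shows a read.php-style comma-separated argument ("forum_id,thread_id,mode") parsed and strictly validated before it reaches a query, next to the unsafe string-concatenation pattern the advisory describes. The argument layout, the table and column names, and the in-memory SQLite database are assumptions constructed for the demo.

```php
<?php
// Added example, not Phorum's code. Demonstrates validating a
// "read.php?1,123,newer" style argument (assumed format) and using a
// prepared statement, beside the unsafe concatenation that invites injection.

/** Parse "forum,thread[,mode]" strictly; return null on anything unexpected. */
function parse_read_args(string $queryString): ?array
{
    $parts = explode(',', $queryString);
    if (count($parts) < 2 || count($parts) > 3) {
        return null;
    }
    // ctype_digit accepts only [0-9]+, so "1 OR 1=1", "-1", "1e3" are rejected.
    if (!ctype_digit($parts[0]) || !ctype_digit($parts[1])) {
        return null;
    }
    $mode = $parts[2] ?? 'thread';
    // Whitelist the mode keyword instead of passing it through.
    if (!in_array($mode, ['thread', 'newer', 'older'], true)) {
        return null;
    }
    return [
        'forum_id'  => (int) $parts[0],
        'thread_id' => (int) $parts[1],
        'mode'      => $mode,
    ];
}

/** Unsafe pattern: raw request pieces interpolated into SQL text. */
function build_query_unsafe(string $queryString): string
{
    $parts = explode(',', $queryString);
    return "SELECT id, subject FROM messages WHERE forum_id = {$parts[0]} AND thread = {$parts[1]}";
}

/** Hardened pattern: validated integers bound to a prepared statement. */
function fetch_messages(PDO $db, string $queryString): array
{
    $args = parse_read_args($queryString);
    if ($args === null) {
        return []; // reject malformed input instead of guessing at it
    }
    $stmt = $db->prepare(
        'SELECT id, subject FROM messages WHERE forum_id = :forum AND thread = :thread ORDER BY id'
    );
    $stmt->execute([':forum' => $args['forum_id'], ':thread' => $args['thread_id']]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data (in-memory SQLite) so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, forum_id INTEGER, thread INTEGER, subject TEXT)');
$db->exec("INSERT INTO messages VALUES (1, 1, 1, 'first post'), (2, 1, 2, 'other thread'), (3, 2, 1, 'other forum')");

// In a real handler the argument would come from $_SERVER['QUERY_STRING'];
// here it is hard-coded for the demonstration.
$benign    = '1,1,newer';
$malformed = '1,1 OR 1=1,newer';

// The unsafe builder lets the second field land verbatim in the WHERE clause.
echo build_query_unsafe($malformed), "\n";

// The hardened path returns the single matching row for valid input...
print_r(fetch_messages($db, $benign));
// ...and an empty result for the malformed argument, which never reaches SQL.
print_r(fetch_messages($db, $malformed));
```

Run with `php read_args_demo.php` (any file name); it needs the standard `pdo_sqlite` and `ctype` extensions. The point to take from it is the order of operations: parse, validate against a strict shape, then bind as typed parameters, so the query's structure is fixed before any user-controlled value touches it.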