CVE-2008-1486

SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft is disabled, allows remote attackers to execute arbitrary SQL commands via the non-fulltext search.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
VendorProductVersion
phorumphorum
𝑥
≤ 5.2.5
phorumphorum
5.0.0_alpha:_alpha
phorumphorum
5.0.1_alpha:_alpha
phorumphorum
5.0.2_alpha:_alpha
phorumphorum
5.0.3_beta:_beta
phorumphorum
5.0.4_beta:_beta
phorumphorum
5.0.4a_beta:a_beta
phorumphorum
5.0.5_beta:_beta
phorumphorum
5.0.6_beta:_beta
phorumphorum
5.0.7_beta:_beta
phorumphorum
5.0.7a_beta:a_beta
phorumphorum
5.0.8_rc:_rc
phorumphorum
5.0.9
phorumphorum
5.0.10
phorumphorum
5.0.11
phorumphorum
5.0.12
phorumphorum
5.0.13
phorumphorum
5.0.13a:a
phorumphorum
5.0.14
phorumphorum
5.0.14a:a
phorumphorum
5.0.15
phorumphorum
5.0.15a:a
phorumphorum
5.0.16
phorumphorum
5.0.17
phorumphorum
5.0.17a:a
phorumphorum
5.0.18
phorumphorum
5.0.19
phorumphorum
5.0.20
phorumphorum
5.1.13
phorumphorum
5.1.14
phorumphorum
5.1.17
phorumphorum
5.1.18
phorumphorum
5.1.20
phorumphorum
5.1.21
phorumphorum
5.1.25
phorumphorum
5.2
phorumphorum
5.2.1
phorumphorum
5.2.2:beta
phorumphorum
5.2.3:rc1
phorumphorum
5.2.4:rc2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/29519
http://www.phorum.org/phorum5/read.php?64%2C126815%2C126815
http://www.securityfocus.com/bid/28540
https://exchange.xforce.ibmcloud.com/vulnerabilities/41418
http://secunia.com/advisories/29519
http://www.phorum.org/phorum5/read.php?64%2C126815%2C126815
http://www.securityfocus.com/bid/28540
https://exchange.xforce.ibmcloud.com/vulnerabilities/41418