Vulnerability Details CVE-2005-0413
Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the fid in forum.php, (2) the member parameter in member.php, (3) the email parameter in forgot.php, or (4) the nbuser or nbpass parameters in include.php. NOTE: it was later reported that vector 2 exists in 3.0 and earlier.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.026
EPSS Ranking 84.7%
CVSS Severity
CVSS v2 Score 7.5
References
- http://seclists.org/lists/bugtraq/2005/Feb/0125.html
- http://secunia.com/advisories/14205
- http://securitytracker.com/id?1013136
- http://www.securityfocus.com/bid/12501
- http://www.securityfocus.com/bid/27083
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19272
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39348
- https://www.exploit-db.com/exploits/4822
- http://seclists.org/lists/bugtraq/2005/Feb/0125.html
- http://secunia.com/advisories/14205
- http://securitytracker.com/id?1013136
- http://www.securityfocus.com/bid/12501
- http://www.securityfocus.com/bid/27083
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19272
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39348
- https://www.exploit-db.com/exploits/4822
Products affected by CVE-2005-0413
-
cpe:2.3:a:myphp_forum:myphp_forum:1.0
-
cpe:2.3:a:myphp_forum:myphp_forum:2.0
-
cpe:2.3:a:myphp_forum:myphp_forum:3.0