SQL Injection Vulnerability in pforum by pforum
CVE-2002-0287

Currently unrated

Key Information:

Vendor: Powie
Status: Pforum
Vendor: CVE Published:; 31 May 2002

What is CVE-2002-0287?

The pforum web forum software, specifically version 1.14 and earlier, is vulnerable to SQL injection attacks due to insufficient handling of PHP magic quotes. If the server is not configured to use magic quotes, an attacker can exploit this vulnerability to bypass authentication mechanisms and potentially gain administrative access. This flaw poses significant risks for web applications utilizing pforum, enabling unauthorized users to execute malicious SQL commands that can compromise the integrity and security of the system.

References

http://marc.info/?l=bugtraq&m=101389284625019&w=2

mailing-listx_refsource_BUGTRAQ

http://www.iss.net/security_center/static/8203.php

vdb-entryx_refsource_XF

http://www.powie.de/news/index.php

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 31, 2002
Vulnerability Reserved
May 1, 2002

CVE-2002-0287 Data

JSON

Powie

What is CVE-2002-0287?

References

Timeline