CVE-2005-3543

SQL injection vulnerability in search.php in Phorum 5.0.0alpha through 5.0.20, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the forum_ids parameter.

Published: Nov 16, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-3543
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
phorum / phorum	5.0.15	5.0.15.x
phorum / phorum	5.0.1_alpha	5.0.1_alpha.x
phorum / phorum	5.0.13a	5.0.13a.x
phorum / phorum	5.0.2_alpha	5.0.2_alpha.x
phorum / phorum	5.0.5_beta	5.0.5_beta.x
phorum / phorum	5.0.19	5.0.19.x
phorum / phorum	5.0.7a_beta	5.0.7a_beta.x
phorum / phorum	5.0.17	5.0.17.x
phorum / phorum	5.0.18	5.0.18.x
phorum / phorum	5.0.4a_beta	5.0.4a_beta.x
phorum / phorum	5.0.12	5.0.12.x
phorum / phorum	5.0.20	5.0.20.x
phorum / phorum	5.0.0_alpha	5.0.0_alpha.x
phorum / phorum	5.0.16	5.0.16.x
phorum / phorum	5.0.10	5.0.10.x
phorum / phorum	5.0.11	5.0.11.x
phorum / phorum	5.0.14a	5.0.14a.x
phorum / phorum	5.0.9	5.0.9.x
phorum / phorum	5.0.14	5.0.14.x
phorum / phorum	5.0.7_beta	5.0.7_beta.x
phorum / phorum	5.0.6_beta	5.0.6_beta.x
phorum / phorum	5.0.3_beta	5.0.3_beta.x
phorum / phorum	5.0.4_beta	5.0.4_beta.x
phorum / phorum	5.0.13	5.0.13.x
phorum / phorum	5.0.8_rc	5.0.8_rc.x

Vulnerability Database

290,020

CVE-2005-3543