CVE-2008-1486

SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft is disabled, allows remote attackers to execute arbitrary SQL commands via the non-fulltext search.

Published: Mar 25, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-1486
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
phorum / phorum	5.0.15	5.0.15.x
phorum / phorum	5.0.1_alpha	5.0.1_alpha.x
phorum / phorum	5.2.2-beta	5.2.2-beta.x
phorum / phorum	5.0.13a	5.0.13a.x
phorum / phorum	5.0.15a	5.0.15a.x
phorum / phorum	5.0.2_alpha	5.0.2_alpha.x
phorum / phorum	5.0.5_beta	5.0.5_beta.x
phorum / phorum	5.0.19	5.0.19.x
phorum / phorum	5.1.13	5.1.13.x
phorum / phorum	5.0.7a_beta	5.0.7a_beta.x
phorum / phorum	5.0.17	5.0.17.x
phorum / phorum	5.0.17a	5.0.17a.x
phorum / phorum	5.1.25	5.1.25.x
phorum / phorum	5.0.18	5.0.18.x
phorum / phorum	5.0.4a_beta	5.0.4a_beta.x
phorum / phorum	5.1.18	5.1.18.x
phorum / phorum	5.2.4-rc2	5.2.4-rc2.x
phorum / phorum	5.2.3-rc1	5.2.3-rc1.x
phorum / phorum	5.0.12	5.0.12.x
phorum / phorum	-	5.2.5.x
phorum / phorum	5.0.20	5.0.20.x
phorum / phorum	5.1.20	5.1.20.x
phorum / phorum	5.2	5.2.x
phorum / phorum	5.1.21	5.1.21.x
phorum / phorum	5.0.0_alpha	5.0.0_alpha.x
phorum / phorum	5.0.16	5.0.16.x
phorum / phorum	5.0.10	5.0.10.x
phorum / phorum	5.0.11	5.0.11.x
phorum / phorum	5.0.14a	5.0.14a.x
phorum / phorum	5.0.9	5.0.9.x
phorum / phorum	5.0.14	5.0.14.x
phorum / phorum	5.0.7_beta	5.0.7_beta.x
phorum / phorum	5.1.14	5.1.14.x
phorum / phorum	5.0.6_beta	5.0.6_beta.x
phorum / phorum	5.1.17	5.1.17.x
phorum / phorum	5.0.3_beta	5.0.3_beta.x
phorum / phorum	5.0.4_beta	5.0.4_beta.x
phorum / phorum	5.0.13	5.0.13.x
phorum / phorum	5.2.1	5.2.1.x
phorum / phorum	5.0.8_rc	5.0.8_rc.x

Vulnerability Database

290,020

CVE-2008-1486