MidnightBSD

Advisories for myphp_forum

CVE-2005-0413 HIGH

Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the fid in forum.php, (2) the member parameter in member.php, (3) the email parameter in forgot.php, or (4) the nbuser or nbpass parameters in include.php. NOTE: it was later reported that vector 2 exists in 3.0 and earlier.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89

Products Affected

Vendor Product Version
myphp_forum myphp_forum 1.0
myphp_forum myphp_forum 3.0
myphp_forum myphp_forum 2.0

CVE-2005-1404 MEDIUM

MyPHP Forum 1.0 allows remote attackers to spoof the username by modifying the (1) nbuser parameter to post.php or (2) sender parameter to privmsg.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
myphp_forum myphp_forum 1.0
myphp_forum myphp_forum 3.0
myphp_forum myphp_forum 2.0