MidnightBSD

Advisories for quicksilver_forums

CVE-2005-4030 MEDIUM

SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows remote attackers to execute arbitrary SQL commands via the HTTP_USER_AGENT header.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
quicksilver_forums quicksilver_forums *
CVE-2008-7064 HIGH

Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a "\" (backslash) in the lang parameter to index.php, which bypasses a protection mechanism that only checks for "/" (forward slash), as demonstrated by uploading and including PHP code in an avatar file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
quicksilver_forums quicksilver_forums 1.4.2