Description
Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the fid parameter in forum.php, (2) the member parameter in member.php, (3) the email parameter in forgot.php, or (4) the nbuser or nbpass parameters in include.php. NOTE: it was later reported that vector 2 exists in 3.0 and earlier.
Exploits (2)
References (8)
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/12501
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/4822
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/27083
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/19272
Exploit mailing-list
x_refsource_bugtraq
http://seclists.org/lists/bugtraq/2005/Feb/0125.html
Exploit, Vendor Advisory vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1013136
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39348
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/14205
Scores
EPSS: 0.0221
EPSS Percentile: 84.5%
Details
CWE: CWE-89
Status: published
Products (3)
myphp_forum/myphp_forum 1.0
myphp_forum/myphp_forum 2.0
myphp_forum/myphp_forum 3.0
Published: Apr 27, 2005
Tracked Since: Feb 18, 2026