Description
Multiple SQL injection vulnerabilities in Meto Forum 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) admin/duzenle.asp and (b) admin_oku.asp; the (2) kid parameter to (c) kategori.asp and (d) admin_kategori.asp; and unspecified parameters to (e) uye.asp and (f) oku.asp.
Exploits (1)
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/29192
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42390
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/29189
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/5608
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42398
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30233
Scores
EPSS
0.0083
EPSS Percentile
74.6%
Details
CWE
CWE-89
Status
published
Products (1)
aspindir/meto_forum
1.1
Published
May 27, 2008
Tracked Since
Feb 18, 2026