Description
Multiple SQL injection vulnerabilities in usercp.php in mForum 0.1a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) City, (2) Interest, (3) Email, (4) Icq, (5) msn, or (6) Yahoo Messenger field in an edit_profile action.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by CWH Underground · textwebappsphp
https://www.exploit-db.com/exploits/6068
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43757
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/30214
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/6068
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/4003
Scores
EPSS
0.0050
EPSS Percentile
65.8%
Details
CWE
CWE-89
Status
published
Products (1)
marcioforum/mforum
0.1a
Published
Jul 16, 2008
Tracked Since
Feb 18, 2026