CVE-2002-1457

Name of the Vulnerable Software and Affected Versions L-Forum version 2.40

Description A SQL injection issue exists in the search.php file, allowing remote attackers to execute arbitrary SQL statements by manipulating the search parameter in the "/search.php" endpoint.

Recommendations For L-Forum version 2.40, update the search.php file to properly sanitize the search parameter to prevent SQL injection attacks. As a temporary workaround, consider restricting access to the search functionality until a patch is available.