PT-2008-1923 · X Forum · X-Forum
J0J0
·
Publicado
2008-01-15
·
Atualizado
2017-09-29
·
CVE-2008-0279
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Xforum version 1.4
Description
A SQL injection issue allows remote attackers to execute arbitrary SQL commands. The
topic parameter is affected, and possibly the categorie parameter as well.Recommendations
For Xforum version 1.4, consider restricting access to the
liretopic.php file until a patch is available. As a temporary workaround, avoid using the topic parameter in the affected API endpoint, and possibly the categorie parameter, to minimize the risk of exploitation.Exploit
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
X-Forum