PT-2007-5297 · Bsm · Bsm Store Dependent Forums

Published

2007-07-30

Updated

2018-10-15

CVE-2007-4095

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions BSM Store Dependent Forums version 1.02

Description A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via a Username field, likely through the FrmUserName parameter in the "login.asp" API endpoint.

Recommendations For version 1.02, consider restricting access to the FrmUserName parameter in the "login.asp" endpoint until a patch is available. As a temporary workaround, validate and sanitize all user input to prevent malicious SQL commands.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2007-4095

Affected Products

Bsm Store Dependent Forums

PT-2007-5297 · Bsm · Bsm Store Dependent Forums

CVE-2007-4095

Weakness Enumeration

Related Identifiers

Affected Products

References · 6