PT-2008-3465 · W1L3D4+1 · Philboard

U238

Published

2008-04-24

Updated

2017-09-29

CVE-2008-1939

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in W1L3D4 Philboard 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) topic parameters to (a) philboard reply.asp, and the (3) forumid parameter to (b) philboard newtopic.asp, different vectors than CVE-2007-2641 and CVE-2007-0920.

Exploit

Fix

RCE

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2008-1939

Affected Products

Philboard

PT-2008-3465 · W1L3D4+1 · Philboard

CVE-2008-1939

Weakness Enumeration

Related Identifiers

Affected Products

References · 6