fkie_cve-2008-1486
Vulnerability from fkie_nvd
Published
2008-03-24 23:44
Modified
2025-04-09 00:30
Severity ?
Summary
SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft is disabled, allows remote attackers to execute arbitrary SQL commands via the non-fulltext search.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phorum | phorum | * | |
| phorum | phorum | 5.0.0_alpha | |
| phorum | phorum | 5.0.1_alpha | |
| phorum | phorum | 5.0.2_alpha | |
| phorum | phorum | 5.0.3_beta | |
| phorum | phorum | 5.0.4_beta | |
| phorum | phorum | 5.0.4a_beta | |
| phorum | phorum | 5.0.5_beta | |
| phorum | phorum | 5.0.6_beta | |
| phorum | phorum | 5.0.7_beta | |
| phorum | phorum | 5.0.7a_beta | |
| phorum | phorum | 5.0.8_rc | |
| phorum | phorum | 5.0.9 | |
| phorum | phorum | 5.0.10 | |
| phorum | phorum | 5.0.11 | |
| phorum | phorum | 5.0.12 | |
| phorum | phorum | 5.0.13 | |
| phorum | phorum | 5.0.13a | |
| phorum | phorum | 5.0.14 | |
| phorum | phorum | 5.0.14a | |
| phorum | phorum | 5.0.15 | |
| phorum | phorum | 5.0.15a | |
| phorum | phorum | 5.0.16 | |
| phorum | phorum | 5.0.17 | |
| phorum | phorum | 5.0.17a | |
| phorum | phorum | 5.0.18 | |
| phorum | phorum | 5.0.19 | |
| phorum | phorum | 5.0.20 | |
| phorum | phorum | 5.1.13 | |
| phorum | phorum | 5.1.14 | |
| phorum | phorum | 5.1.17 | |
| phorum | phorum | 5.1.18 | |
| phorum | phorum | 5.1.20 | |
| phorum | phorum | 5.1.21 | |
| phorum | phorum | 5.1.25 | |
| phorum | phorum | 5.2 | |
| phorum | phorum | 5.2.1 | |
| phorum | phorum | 5.2.2 | |
| phorum | phorum | 5.2.3 | |
| phorum | phorum | 5.2.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phorum:phorum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51F00681-EE3F-40FA-B516-19C64B76B973",
"versionEndIncluding": "5.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.0_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "26E2C5A7-8B52-4BDF-80F1-5D45AEBE6E25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.1_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8DF602-0A22-45A9-A286-C237180701C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.2_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "AB109C36-BF0F-41E3-A1F4-0DB264BD4A55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.3_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "9A31EA2D-2B01-4928-9B3E-9D666FD2758B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.4_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "E87DE16C-7C68-4DA8-9BD9-C61D74E61D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.4a_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "5001527E-FE93-4BE7-BF79-7717D64CAF2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.5_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "D15ED599-6B84-4E03-8BA4-36E1D55F1F75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.6_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "D491A2B9-949A-4A56-A41F-23A222C03BA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.7_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "01CFDB0B-6FBD-49F3-8238-81E92661297E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.7a_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "EC73A23F-2399-41B0-B6BD-289DF63F2C6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.8_rc:*:*:*:*:*:*:*",
"matchCriteriaId": "AD59DD99-1FC7-498B-9EA1-1AA8FE132EEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "1655572D-7D56-4D9D-9E0F-A67DF23FC934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "387E0B83-B240-4922-8C57-CE0CDB000888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CF5B09FF-92DF-4F8D-9A7B-E5086E2B954D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D02321D7-2F3E-40F9-9A76-CFF339C93199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "3B908D49-F64A-488F-95F3-163AB9DAB02D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.13a:*:*:*:*:*:*:*",
"matchCriteriaId": "1A26F8E5-0FFE-473D-BDA1-2D5340B5A4A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF0655C-7C83-4363-A444-993B35D7A7EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.14a:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D0F7C4-902D-4186-8EFF-3876D6D6633E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6F87C476-6A55-4B19-97B0-24204E96A63E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.15a:*:*:*:*:*:*:*",
"matchCriteriaId": "83F8F544-1B09-4B22-B1F3-2CD1E8D7AECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8ACC6DD4-384B-44DE-9BC7-6F1DD374E6B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "17D0AC3E-97F7-4A13-8E65-7E424D055E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.17a:*:*:*:*:*:*:*",
"matchCriteriaId": "D184385A-763A-4971-8051-20564D020787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "04B508F8-CFCC-4841-BF70-1ABB28EB1ABC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C365D62D-ACB1-44D3-935D-F79A79642684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "F4B45305-FF8B-42F8-A726-F8604BADC323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "70F4AB87-2D63-4208-8982-BBF978392285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "149A6B5A-84FC-4B6F-B053-0AC881BC03D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "375346D4-CEA4-4BAE-83DF-639E86C3DECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "3C6E0429-3241-47B0-B853-66D3167CE4F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "121F0F96-F901-479F-A64F-3DAE1AC0AFAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "F837829B-28E5-41B3-9A23-C4D4A7FE636A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.25:*:*:*:*:*:*:*",
"matchCriteriaId": "700B9165-B956-4CAB-B980-42885FFA418F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A4C4E79D-EBE6-456C-A74F-B94F32736383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3596808-8399-4EA9-B885-5443CA91C3C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "B5409C8A-8B57-48FB-B01E-411C00153E9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74DB422C-E79C-46B2-BB52-8C457822A0BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "37881B2C-0CD0-4E2A-A11D-9758772640E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft is disabled, allows remote attackers to execute arbitrary SQL commands via the non-fulltext search."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en Phorum versiones anteriores a 5.2.6, cuando la funci\u00f3n mysql_use_ft est\u00e1 deshabilitado, permite a los atacantes remotos ejecutar comandos SQL arbitrarios por medio de la b\u00fasqueda sin texto completo."
}
],
"id": "CVE-2008-1486",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-03-24T23:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29519"
},
{
"source": "cve@mitre.org",
"url": "http://www.phorum.org/phorum5/read.php?64%2C126815%2C126815"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28540"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41418"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29519"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.phorum.org/phorum5/read.php?64%2C126815%2C126815"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28540"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41418"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…