CVE-2005-0413
Published 2005-04-27
Priority: P3 · 38 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.08% (79.2th percentile)
Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the fid in forum.php, (2) the member parameter in member.php, (3) the email parameter in forgot.php, or (4) the nbuser or nbpass parameters in include.php. NOTE: it was later reported that vector 2 exists in 3.0 and earlier.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| myphp | myphp_forum | <= 3.0 | — |
| myphp | myphp_forum | — | — |
| myphp | myphp_forum | — | — |
| myphp_forum | myphp_forum | — | — |
| myphp_forum | myphp_forum | — | — |
| myphp_forum | myphp_forum | — | — |
GHSA
GHSA-hfg4-546m-7764: Multiple SQL injection vulnerabilities in MyPHP Forum 3
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2008-6777 [HIGH] CWE-89 GHSA-hfg4-546m-7764: Multiple SQL injection vulnerabilities in MyPHP Forum 3
Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a confirm action, the (2) user parameter in a newconfirm action, and (3) reqpwd action to member.php; and the (4) quote parameter in a post action and (5) pid parameter in an edit action to post.php, different vectors than CVE-2005-0413.2 and CVE-2007-6667.
GHSA
GHSA-3mjc-8px4-f596: Multiple SQL injection vulnerabilities in MyPHP Forum 1
ghsa_unreviewed·2022-05-01
CVE-2005-0413 [HIGH] CWE-89 GHSA-3mjc-8px4-f596: Multiple SQL injection vulnerabilities in MyPHP Forum 1
Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the fid in forum.php, (2) the member parameter in member.php, (3) the email parameter in forgot.php, or (4) the nbuser or nbpass parameters in include.php. NOTE: it was later reported that vector 2 exists in 3.0 and earlier.
GHSA
GHSA-c82x-g5gm-v74f: SQL injection vulnerability in faq
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2007-6667 [HIGH] CWE-89 GHSA-c82x-g5gm-v74f: SQL injection vulnerability in faq
SQL injection vulnerability in faq.php in MyPHP Forum 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the member.php vector is already covered by CVE-2005-0413.
No detection rules found.
No writeups or analysis indexed.
http://seclists.org/lists/bugtraq/2005/Feb/0125.html
http://secunia.com/advisories/14205
http://securitytracker.com/id?1013136
http://www.securityfocus.com/bid/12501
http://www.securityfocus.com/bid/27083
https://exchange.xforce.ibmcloud.com/vulnerabilities/19272
https://exchange.xforce.ibmcloud.com/vulnerabilities/39348
https://www.exploit-db.com/exploits/4822