NuytsTech Security

CVE-2008-3191

by ·

Multiple SQL injection vulnerabilities in usercp.php in mForum 0.1a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) City, (2) Interest, (3) Email, (4) Icq, (5) msn, or (6) Yahoo Messenger field in an edit_profile action.

Date published : 2008-07-16

http://www.securityfocus.com/bid/30214

https://www.exploit-db.com/exploits/6068

Tags: