← back
CVE-2004-1938

CVE-2004-1938

EPSS 1.2%
SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows remote attackers to execute arbitrary SQL commands via doubly hex-encoded characters such as "%2527", which is translated to "'", as demonstrated using the phorum_uriauth parameter to list.php.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/24016unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://marc.info/?l=bugtraq&m=108239796512897&w=2http://secunia.com/advisories/11407https://exchange.xforce.ibmcloud.com/vulnerabilities/15894http://www.securityfocus.com/bid/10173http://www.waraxe.us/index.php?modname=sa&id=19