{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-02-16T00:00:00", "descriptions": [{"lang": "en", "value": "pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP server is not configured to use magic quotes by default."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2003-03-20T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20020216 pforum: mysql-injection-bug", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=101389284625019&w=2"}, {"name": "pforum-quotes-sql-injection(8203)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/8203.php"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.powie.de/news/index.php"}, {"name": "4114", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/4114"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0287", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP server is not configured to use magic quotes by default."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20020216 pforum: mysql-injection-bug", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=101389284625019&w=2"}, {"name": "pforum-quotes-sql-injection(8203)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/8203.php"}, {"name": "http://www.powie.de/news/index.php", "refsource": "CONFIRM", "url": "http://www.powie.de/news/index.php"}, {"name": "4114", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4114"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T02:42:28.986Z"}, "title": "CVE Program Container", "references": [{"name": "20020216 pforum: mysql-injection-bug", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=101389284625019&w=2"}, {"name": "pforum-quotes-sql-injection(8203)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "http://www.iss.net/security_center/static/8203.php"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.powie.de/news/index.php"}, {"name": "4114", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/4114"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0287", "datePublished": "2003-04-02T05:00:00", "dateReserved": "2002-05-01T00:00:00", "dateUpdated": "2024-08-08T02:42:28.986Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:powie:pforum:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3A52CF4-F5C1-40F3-A148-A537F23865B9", "versionEndIncluding": "1.14", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP server is not configured to use magic quotes by default."}, {"lang": "es", "value": "pforum 1.14 y anteriores no habilita expl\u00edcitamente las comillas m\u00e1gicas (magic quotes) PHP quotes, lo que permite a atacantes remotos evitar la autenticaci\u00f3n y ganar privilegios de administrador mediante un ataque de inyecci\u00f3n de SQL cuando el servidor no est\u00e1 configurado para usar las comillas m\u00e1gicas."}], "id": "CVE-2002-0287", "lastModified": "2016-10-18T02:18:24.270", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2002-05-31T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=101389284625019&w=2"}, {"source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/8203.php"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.powie.de/news/index.php"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/4114"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}