pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP server is not configured to use magic quotes by default.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2003-04-02T05:00:00
Updated: 2024-08-08T02:42:28.986Z
Reserved: 2002-05-01T00:00:00
Link: CVE-2002-0287
Vulnrichment
No data.
NVD
Status : Modified
Published: 2002-05-31T04:00:00.000
Modified: 2024-11-20T23:38:44.197
Link: CVE-2002-0287
Redhat
No data.