FKIE_CVE-2008-1486

Vulnerability from fkie_nvd - Published: 2008-03-24 23:44 - Updated: 2025-04-09 00:30
Severity ?
Summary
SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft is disabled, allows remote attackers to execute arbitrary SQL commands via the non-fulltext search.
References
cve@mitre.orghttp://secunia.com/advisories/29519Vendor Advisory
cve@mitre.orghttp://www.phorum.org/phorum5/read.php?64%2C126815%2C126815
cve@mitre.orghttp://www.securityfocus.com/bid/28540
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/41418
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29519Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.phorum.org/phorum5/read.php?64%2C126815%2C126815
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/28540
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/41418
Impacted products
Vendor Product Version
phorum phorum *
phorum phorum 5.0.0_alpha
phorum phorum 5.0.1_alpha
phorum phorum 5.0.2_alpha
phorum phorum 5.0.3_beta
phorum phorum 5.0.4_beta
phorum phorum 5.0.4a_beta
phorum phorum 5.0.5_beta
phorum phorum 5.0.6_beta
phorum phorum 5.0.7_beta
phorum phorum 5.0.7a_beta
phorum phorum 5.0.8_rc
phorum phorum 5.0.9
phorum phorum 5.0.10
phorum phorum 5.0.11
phorum phorum 5.0.12
phorum phorum 5.0.13
phorum phorum 5.0.13a
phorum phorum 5.0.14
phorum phorum 5.0.14a
phorum phorum 5.0.15
phorum phorum 5.0.15a
phorum phorum 5.0.16
phorum phorum 5.0.17
phorum phorum 5.0.17a
phorum phorum 5.0.18
phorum phorum 5.0.19
phorum phorum 5.0.20
phorum phorum 5.1.13
phorum phorum 5.1.14
phorum phorum 5.1.17
phorum phorum 5.1.18
phorum phorum 5.1.20
phorum phorum 5.1.21
phorum phorum 5.1.25
phorum phorum 5.2
phorum phorum 5.2.1
phorum phorum 5.2.2
phorum phorum 5.2.3
phorum phorum 5.2.4
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phorum:phorum:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51F00681-EE3F-40FA-B516-19C64B76B973",
              "versionEndIncluding": "5.2.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.0_alpha:*:*:*:*:*:*:*",
              "matchCriteriaId": "26E2C5A7-8B52-4BDF-80F1-5D45AEBE6E25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.1_alpha:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E8DF602-0A22-45A9-A286-C237180701C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.2_alpha:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB109C36-BF0F-41E3-A1F4-0DB264BD4A55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.3_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A31EA2D-2B01-4928-9B3E-9D666FD2758B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.4_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "E87DE16C-7C68-4DA8-9BD9-C61D74E61D6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.4a_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "5001527E-FE93-4BE7-BF79-7717D64CAF2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.5_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "D15ED599-6B84-4E03-8BA4-36E1D55F1F75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.6_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "D491A2B9-949A-4A56-A41F-23A222C03BA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.7_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "01CFDB0B-6FBD-49F3-8238-81E92661297E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.7a_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC73A23F-2399-41B0-B6BD-289DF63F2C6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.8_rc:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD59DD99-1FC7-498B-9EA1-1AA8FE132EEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1655572D-7D56-4D9D-9E0F-A67DF23FC934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "387E0B83-B240-4922-8C57-CE0CDB000888",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF5B09FF-92DF-4F8D-9A7B-E5086E2B954D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D02321D7-2F3E-40F9-9A76-CFF339C93199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B908D49-F64A-488F-95F3-163AB9DAB02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.13a:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A26F8E5-0FFE-473D-BDA1-2D5340B5A4A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FF0655C-7C83-4363-A444-993B35D7A7EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.14a:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3D0F7C4-902D-4186-8EFF-3876D6D6633E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F87C476-6A55-4B19-97B0-24204E96A63E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.15a:*:*:*:*:*:*:*",
              "matchCriteriaId": "83F8F544-1B09-4B22-B1F3-2CD1E8D7AECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ACC6DD4-384B-44DE-9BC7-6F1DD374E6B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "17D0AC3E-97F7-4A13-8E65-7E424D055E38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.17a:*:*:*:*:*:*:*",
              "matchCriteriaId": "D184385A-763A-4971-8051-20564D020787",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "04B508F8-CFCC-4841-BF70-1ABB28EB1ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "C365D62D-ACB1-44D3-935D-F79A79642684",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4B45305-FF8B-42F8-A726-F8604BADC323",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "70F4AB87-2D63-4208-8982-BBF978392285",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "149A6B5A-84FC-4B6F-B053-0AC881BC03D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "375346D4-CEA4-4BAE-83DF-639E86C3DECC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C6E0429-3241-47B0-B853-66D3167CE4F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "121F0F96-F901-479F-A64F-3DAE1AC0AFAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "F837829B-28E5-41B3-9A23-C4D4A7FE636A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.1.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "700B9165-B956-4CAB-B980-42885FFA418F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4C4E79D-EBE6-456C-A74F-B94F32736383",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3596808-8399-4EA9-B885-5443CA91C3C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.2.2:beta:*:*:*:*:*:*",
              "matchCriteriaId": "B5409C8A-8B57-48FB-B01E-411C00153E9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.2.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "74DB422C-E79C-46B2-BB52-8C457822A0BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.2.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "37881B2C-0CD0-4E2A-A11D-9758772640E9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft is disabled, allows remote attackers to execute arbitrary SQL commands via the non-fulltext search."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de inyecci\u00f3n SQL en Phorum versiones anteriores a 5.2.6, cuando la funci\u00f3n mysql_use_ft est\u00e1 deshabilitado, permite a los atacantes remotos ejecutar comandos SQL arbitrarios por medio de la b\u00fasqueda sin texto completo."
    }
  ],
  "id": "CVE-2008-1486",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-03-24T23:44:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29519"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.phorum.org/phorum5/read.php?64%2C126815%2C126815"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/28540"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41418"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29519"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.phorum.org/phorum5/read.php?64%2C126815%2C126815"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/28540"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41418"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.