header-logo
Suggest Exploit
vendor:
PHP Forum Script
by:
Ihsan Sencan
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: PHP Forum Script
Affected Version From: 3.0
Affected Version To: 3.0
Patch Exists: NO
Related CWE: N/A
CPE: a:phpjabbers:php_forum_script
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Win7 x64, Kali Linux x64
2017

PHP Forum Script v3.0 – SQL Injection

An attacker can exploit a SQL injection vulnerability in PHP Forum Script v3.0 by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to execute arbitrary SQL commands on the backend database, potentially resulting in the manipulation or disclosure of application data.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Developers should also use parameterized queries to prevent SQL injection.
Source

Exploit-DB raw data:

# # # # # 
# Exploit Title: PHP Forum Script v3.0 - SQL Injection
# Google Dork: N/A
# Date: 11.03.2017
# Vendor Homepage: https://www.phpjabbers.com/
# Software: https://www.phpjabbers.com/php-forum-script/
# Demo: http://demo.phpjabbers.com/index.php?demo=pfs&front=1&lid=1
# Version: 3.0
# Tested on: Win7 x64, Kali Linux x64
# # # # # 
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Mail: ihsan[@]ihsan[.]net
# # # # #
# SQL Injection/Exploit :
# http://localhost/[PATH]/preview.php?controller=pjLoad&action=pjActionIndex&question_search=1&column=[SQL]created&direction=DESC
# Etc..
# # # # #

Navigation

Suggest Exploit

Services By CQR