vendor:
SFS Forum
by:
Boom3rang and Darckc0de
9
CVSS
HIGH
SQL Injection
89
CWE
Product Name: SFS Forum
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
SFS Forum (forum.php id) Remote SQL Injection Vulnerability
A remote SQL injection vulnerability exists in SFS Forum (forum.php id). An attacker can exploit this vulnerability to gain access to sensitive information such as usernames, passwords, and emails. The vulnerability is due to improper sanitization of user-supplied input to the 'forum' parameter. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. This can allow the attacker to gain access to sensitive information from the database.
Mitigation:
Input validation should be used to ensure that user-supplied input is properly sanitized. Additionally, the application should be configured to use the least privileged account with the fewest privileges necessary.
