| VID | 21567 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | Chipmunk Forum, a web-based forum program written in PHP, is vulnerable to SQL injection in the 'getpassword.php' script. Chipmunk Forum versions prior to 1.3 allow a remote attacker to execute arbitrary SQL commands because user-supplied input to the 'email' parameter of the getpassword.php script is improperly filtered. A remote attacker could pass malicious input to database queries, potentially resulting in data exposure, modification of the query logic, or even data modification or attacks against the database itself.
* References: http://www.securiteam.com/unixfocus/5WP041PEUM.html
* Platforms Affected: Chipmunk, Chipmunk Forum versions prior to 1.3; any operating system, any version |
| Recommendation | Upgrade to the latest version of Chipmunk Forum (1.3 or later) available from the Chipmunk Forum Web site at http://www.chipmunk-scripts.com |
| Related URL | (CVE) |
| Related URL | 12456 (SecurityFocus) |
| Related URL | 19231 (ISS) |