CVE-2002-0287
Summary
| CVE | CVE-2002-0287 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2002-05-31 04:00:00 UTC |
| Updated | 2025-04-03 01:03:51 UTC |
| Description | pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP server is not configured to use magic quotes by default. |
Risk And Classification
Primary CVSS: v2.0 10 from [email protected]
AV:N/AC:L/Au:N/C:C/I:C/A:C
Problem Types: NVD-CWE-Other | n/a
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
CompleteIntegrity
CompleteAvailability
CompleteAV:N/AC:L/Au:N/C:C/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| ISS X-Force Database: pforum-quotes-sql-injection (8203): PFORUM allows SQL injection attack using "Magic Quotes" | af854a3a-2127-422b-91ae-364da2661108 | www.iss.net | |
| 404 – Nicht gefunden | Powie's Tech Blog | af854a3a-2127-422b-91ae-364da2661108 | www.powie.de | Patch |
| Powie's PForum SQL Injection User Authentication Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| 'pforum: mysql-injection-bug' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.