{"api_version":"1","generated_at":"2026-05-15T20:22:08+00:00","cve":"CVE-2007-5688","urls":{"html":"https://cve.report/CVE-2007-5688","api":"https://cve.report/api/cve/CVE-2007-5688.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-5688","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-5688"},"summary":{"title":"CVE-2007-5688","description":"Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2) cat parameters.","state":"PUBLISHED","assigner":"mitre","published_at":"2007-10-29 19:46:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-89","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://www.securityfocus.com/archive/1/482838/100/0/threaded","name":"http://www.securityfocus.com/archive/1/482838/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/27406","name":"http://secunia.com/advisories/27406","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Multi-Forums Multiple SQL Injection Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/26213","name":"http://www.securityfocus.com/bid/26213","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"Multi-Forums Directory.PHP Multiple SQL Injection Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/37461","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/37461","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.inj3ct-it.org/exploit/Multi_Host.txt","name":"http://www.inj3ct-it.org/exploit/Multi_Host.txt","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"SecPoint Cyber Security Vulnerability Scanning UTM Firewall WiFi","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-5688","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-5688","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"5688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"invision_power_services","cpe5":"invision_power_board","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"5688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"phpbb","cpe5":"phpbb","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"5688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sebflipper","cpe5":"multi-forums_module","cpe6":"1.3.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T15:39:13.608Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"26213","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/26213"},{"name":"phpbb-multiforums-sql-injection(37461)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/37461"},{"name":"27406","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/27406"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.inj3ct-it.org/exploit/Multi_Host.txt"},{"name":"20071025 Multi Host Forum Pro phpbb & ipb Multiple Sql Injection","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/482838/100/0/threaded"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2007-10-26T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2) cat parameters."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-15T20:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"26213","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/26213"},{"name":"phpbb-multiforums-sql-injection(37461)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/37461"},{"name":"27406","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/27406"},{"tags":["x_refsource_MISC"],"url":"http://www.inj3ct-it.org/exploit/Multi_Host.txt"},{"name":"20071025 Multi Host Forum Pro phpbb & ipb Multiple Sql Injection","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/482838/100/0/threaded"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-5688","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2) cat parameters."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"26213","refsource":"BID","url":"http://www.securityfocus.com/bid/26213"},{"name":"phpbb-multiforums-sql-injection(37461)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/37461"},{"name":"27406","refsource":"SECUNIA","url":"http://secunia.com/advisories/27406"},{"name":"http://www.inj3ct-it.org/exploit/Multi_Host.txt","refsource":"MISC","url":"http://www.inj3ct-it.org/exploit/Multi_Host.txt"},{"name":"20071025 Multi Host Forum Pro phpbb & ipb Multiple Sql Injection","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/482838/100/0/threaded"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2007-5688","datePublished":"2007-10-29T19:00:00.000Z","dateReserved":"2007-10-29T00:00:00.000Z","dateUpdated":"2024-08-07T15:39:13.608Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2007-10-29 19:46:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-89","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:invision_power_services:invision_power_board:*:*:*:*:*:*:*:*","matchCriteriaId":"97F5B0EB-44D4-47C6-BEF9-E17787061471"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpbb:phpbb:*:*:*:*:*:*:*:*","matchCriteriaId":"8370A82D-83E8-4A70-8D04-1FCC6D24CAFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:sebflipper:multi-forums_module:1.3.3:*:*:*:*:*:*:*","matchCriteriaId":"076B4D89-3928-4017-95E9-7EA1D27D0B3B"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"5688","Ordinal":"1","Title":"CVE-2007-5688","CVE":"CVE-2007-5688","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"5688","Ordinal":"1","NoteData":"Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2) cat parameters.","Type":"Description","Title":"CVE-2007-5688"},{"CveYear":"2007","CveId":"5688","Ordinal":"2","NoteData":"2007-10-29","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"5688","Ordinal":"3","NoteData":"2018-10-15","Type":"Other","Title":"Modified"}]}}}