Description

Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2) cat parameters.

Remediation

References

CVE-2007-5688

Related Vulnerabilities

WordPress Plugin Custom Global Variables Cross-Site Scripting (1.0.5)

Oracle Database Server CVE-2006-0286 Vulnerability (CVE-2006-0286)

Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-3464)

Ruby Improper Input Validation Vulnerability (CVE-2008-3657)

WordPress Plugin WP Photo Album Plus Multiple Cross-Site Scripting Vulnerabilities (5.4.4)

Severity

High

Classification

CVE-2007-5688 CWE-138

Tags

Missing Update Known Vulnerabilities