Intrusion Prevention

Philboard.Philboardforum.Asp.SQL.Injection

Description

Philboard has a SQL-injection vulnerability. A remote attacker could execute arbitrary SQL commands in the back-end database via a specially-crafted HTTP request to the "philboard_forum.asp" script with injected SQL statements in the "forumid" parameter.

Affected Products

Philboard version 1.14 and prior.

Impact

Data Manipulation.

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
http://www.nabocorp.com/nabopoll/

CVE References

CVE-2007-0920