SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows remote attackers to execute arbitrary SQL commands via doubly hex-encoded characters such as %2527, which is translated to ' (a single quote), as demonstrated using the phorum_uriauth parameter to list.php.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Phorum | Phorum | 3.4.7 (including) | 3.4.7 (including) |
Phorum | Phorum | 3.4.8 (including) | 3.4.8 (including) |
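
The double encoding described above can be spotted on the defensive side by decoding a raw parameter until it stops changing and flagging SQL metacharacters that only appear after the second pass. The following is an added example, not code from Phorum or from the advisory; the function names, the `MAX_ROUNDS` bound and the sample URLs are constructed assumptions, and only `list.php` and `phorum_uriauth` come from the description.

```python
from urllib.parse import urlsplit, unquote

SQL_META = set("'\"\\;")   # characters a one-pass input filter would look for
MAX_ROUNDS = 5             # assumption: bound on nested encodings to unwrap

def decode_rounds(raw):
    """Percent-decode until stable; return (canonical value, rounds that changed it)."""
    value, rounds = raw, 0
    while rounds < MAX_ROUNDS:
        decoded = unquote(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds

def raw_params(url):
    """Yield (name, raw value) pairs without decoding, so encoding depth stays visible."""
    for pair in urlsplit(url).query.split("&"):
        if pair:
            name, _, value = pair.partition("=")
            yield name, value

def suspicious_params(url):
    """Return (name, rounds, hidden chars) for metacharacters hidden behind 2+ decodes."""
    hits = []
    for name, raw in raw_params(url):
        once = unquote(raw)                      # what a filter sees after one decode
        canonical, rounds = decode_rounds(raw)   # what a second decode would produce
        hidden = (SQL_META & set(canonical)) - set(once)
        if rounds >= 2 and hidden:
            hits.append((name, rounds, "".join(sorted(hidden))))
    return hits

# Constructed sample request lines (not taken from any real log).
SAMPLE_URLS = [
    "/list.php?f=1&phorum_uriauth=alice%2527x",  # doubly encoded quote
    "/list.php?f=1&phorum_uriauth=alice%27x",    # singly encoded quote
    "/list.php?f=1&phorum_uriauth=alice",        # plain value
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(url, "->", suspicious_params(url) or "ok")
```

Only the first sample is flagged: the singly encoded quote is already visible to a filter after one decode, while the doubly encoded one surfaces only if the application decodes the value a second time after filtering.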