CVE-2007-5688

Summary

Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2) cat parameters.

Impact & exploitability

AV:N/AC:L/Au:N/C:P/I:P/A:P

Affected products we track (1)

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Additional information

• NVD record
• http://secunia.com/advisories/27406Advisory
• http://www.securityfocus.com/archive/1/482838/100/0/threaded
• https://exchange.xforce.ibmcloud.com/vulnerabilities/37461
• http://www.inj3ct-it.org/exploit/Multi_Host.txtExploit
• http://www.securityfocus.com/bid/26213Exploit