Description

SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the mark[] parameter.

Remediation

References

CVE-2003-1530

Related Vulnerabilities

WordPress Plugin Flexible Custom Post Type Cross-Site Scripting (0.1.5)

Joomla! Core 3.x.x SQL Injection (3.0.0 - 3.4.6)

Handlebars CVE-2021-23369 Vulnerability (CVE-2021-23369)

Drupal Core 6.x Security Bypass (6.0 - 6.35)

SugarCRM Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability (CVE-2019-17317)

Severity

High

Classification

CVE-2003-1530 CWE-138

Tags

Missing Update Known Vulnerabilities