Philboard.Philboardforum.Asp.SQL.Injection

Release Date

Mar 01, 2007

Severity

medium

Impact

Data Manipulation.

Description

Philboard is vulnerable to SQL injection. A remote attacker could execute arbitrary SQL commands against the back-end database by sending a specially crafted HTTP request to the "philboard_forum.asp" script with SQL statements injected into the "forumid" parameter.

Affected Products

Philboard version 1.14 and prior.

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
http://www.nabocorp.com/nabopoll/
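
An added example, not part of the original advisory or of any vendor tooling: with no vendor patch available, a review of web server logs can flag requests to "philboard_forum.asp" whose "forumid" value is not a plain integer. It assumes that "forumid" is meant to be a numeric id and that the logs use the IIS W3C field order shown; the log lines are constructed.

```python
import re
from urllib.parse import parse_qsl

TARGET = "philboard_forum.asp"          # script named in the advisory
PARAM = "forumid"                       # parameter named in the advisory
INT_RE = re.compile(r"[0-9]{1,10}")     # assumption: forumid is a numeric id

# Constructed sample lines (documentation IP range, made-up paths).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2007-03-01 10:00:01 192.0.2.10 GET /forum/philboard_forum.asp forumid=3 200
2007-03-01 10:00:05 192.0.2.11 GET /forum/Philboard_Forum.asp ForumID=1%27 500
2007-03-01 10:00:09 192.0.2.11 GET /forum/philboard_forum.asp forumid=2+or+1%3D1 200
2007-03-01 10:00:12 192.0.2.12 GET /forum/philboard_forum.asp forumid=4&forumid=x 200
2007-03-01 10:00:15 192.0.2.13 GET /forum/index.asp id=1%27 200
2007-03-01 10:00:20 192.0.2.14 GET /forum/philboard_forum.asp - 200
"""

def suspicious_values(query):
    """Return decoded forumid values that are not plain integers."""
    if query == "-":                    # IIS logs an empty query string as "-"
        return []
    pairs = parse_qsl(query, keep_blank_values=True)   # also URL-decodes
    # Classic ASP treats parameter names case-insensitively, so compare lowercased.
    return [v for k, v in pairs
            if k.lower() == PARAM and not INT_RE.fullmatch(v)]

def scan(log_text):
    """Return (client_ip, value) for each flagged request to the target script."""
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue                    # skip blank lines and W3C directives
        fields = line.split()
        if len(fields) < 7:
            continue                    # malformed or truncated entry
        ip, stem, query = fields[2], fields[4], fields[5]
        if stem.lower().rsplit("/", 1)[-1] != TARGET:
            continue                    # a different script
        hits.extend((ip, v) for v in suspicious_values(query))
    return hits

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} sent non-numeric forumid: {value!r}")
```

The same integer-only rule can be enforced in front of the application, for example in a reverse proxy or WAF rule, to reject such requests before they reach the script.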

Coverage

IPS
VCM

Common Vulnerabilities and Exposures (CVE)

CVE-2007-0920

References

http://www.securityfocus.com/bid/22532 (BugTraq)

Reference: VID-14222