CVE-2005-0413

critical

Description

Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the fid in forum.php, (2) the member parameter in member.php, (3) the email parameter in forgot.php, or (4) the nbuser or nbpass parameters in include.php. NOTE: it was later reported that vector 2 exists in 3.0 and earlier.

References

https://www.exploit-db.com/exploits/4822

https://exchange.xforce.ibmcloud.com/vulnerabilities/39348

https://exchange.xforce.ibmcloud.com/vulnerabilities/19272

http://www.securityfocus.com/bid/27083

http://www.securityfocus.com/bid/12501

http://secunia.com/advisories/14205

Details

Source: Mitre, NVD

Published: 2005-04-27

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.02569