CVE-2008-3191

critical

Description

Multiple SQL injection vulnerabilities in usercp.php in mForum 0.1a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) City, (2) Interest, (3) Email, (4) Icq, (5) msn, or (6) Yahoo Messenger field in an edit_profile action.

References

https://www.exploit-db.com/exploits/6068

https://exchange.xforce.ibmcloud.com/vulnerabilities/43757

http://www.securityfocus.com/bid/30214

http://securityreason.com/securityalert/4003

Details

Source: Mitre, NVD

Published: 2008-07-16

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00144