Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the fid in forum.php, (2) the member parameter in member.php, (3) the email parameter in forgot.php, or (4) the nbuser or nbpass parameters in include.php. NOTE: it was later reported that vector 2 exists in 3.0 and earlier.

"MyPHP论坛1.0中的多个SQL注入漏洞允许远程攻击者通过(1)论坛.php中的fid,(2)成员.php中的成员参数，(3)忘记.php中的email参数或(4)include.php中的nbuser或nbpass参数执行任意SQL命令。请注意：后来报告说， vector 2存在于3.0及更早版本中。"

NVD 暂无评分

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD 暂无漏洞类别信息

神龙GPT 暂无漏洞类别信息（请耐心等待）