CVE-2008-3191

N/A Unknown
Published: July 16, 2008 Modified: April 23, 2026
View on NVD

Description

Multiple SQL injection vulnerabilities in usercp.php in mForum 0.1a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) City, (2) Interest, (3) Email, (4) Icq, (5) msn, or (6) Yahoo Messenger field in an edit_profile action.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://securityreason.com/securityalert/4003
Source: cve@mitre.org
http://www.securityfocus.com/bid/30214
Source: cve@mitre.org
https://exchange.xforce.ibmcloud.com/vulnerabilities/43757
Source: cve@mitre.org
https://www.exploit-db.com/exploits/6068
Source: cve@mitre.org
http://securityreason.com/securityalert/4003
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/30214
Source: af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/43757
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.exploit-db.com/exploits/6068
Source: af854a3a-2127-422b-91ae-364da2661108

8 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-89

Affected Vendors

marcioforum

Related CVEs

CVE-2026-41279 N/A
CVE-2026-41278 N/A
CVE-2026-41277 N/A
CVE-2026-41276 N/A
CVE-2026-41275 N/A