CVE-2008-6777

N/A Unknown
Published: May 01, 2009 Modified: April 23, 2026
View on NVD

Description

Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a confirm action, the (2) user parameter in a newconfirm action, and (3) reqpwd action to member.php; and the (4) quote parameter in a post action and (5) pid parameter in an edit action to post.php, different vectors than CVE-2005-0413.2 and CVE-2007-6667.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://secunia.com/advisories/28280
Source: cve@mitre.org
Vendor Advisory
http://www.securityfocus.com/bid/31995
Source: cve@mitre.org
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/46238
Source: cve@mitre.org
https://www.exploit-db.com/exploits/6879
Source: cve@mitre.org
http://secunia.com/advisories/28280
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/31995
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/46238
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.exploit-db.com/exploits/6879
Source: af854a3a-2127-422b-91ae-364da2661108

8 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.3%
57th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-89

Affected Vendors

myphp

Related CVEs

CVE-2026-7015 2.4
CVE-2026-7014 2.4
CVE-2026-7013 2.4
CVE-2026-42254 4.0
CVE-2026-7012 2.4