← CVECheck
HomeVulnerabilities

CVE-2004-1938 — HIGH severity vulnerability (SQL injection vulnerability in userlogin.php in Phorum 3.4.7)

SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows remote attackers to execute arbitrary SQL commands via doubly hex-encoded characters such as "%2527", which is translated to "'", as demonstrated using the phorum_uriauth parameter to list.php.

CVE IDCVE-2004-1938
SeverityHIGH
CVSS score7.5
CVSS vectorAV:N/AC:L/Au:N/C:P/I:P/A:P
CWENVD-CWE-Other
StatusModified
Published2004-04-19
Last modified2026-04-16
DescriptionSQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows remote attackers to execute arbitrary SQL commands via doubly hex-encoded characters such as "%2527", which is translated to "'", as demonstrated using the phorum_uriauth parameter to list.php.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →