SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows remote attackers to execute arbitrary SQL commands via doubly hex-encoded characters such as "%2527", which is translated to "'", as demonstrated using the phorum_uriauth parameter to list.php.
Score: 0.0
Priority: Unclassified
Score: 0.0109
Percentile:
0.76965
CVSS v2 Score: 7.5
Severity: