cpe:/a:rbl:tforum:2.00 CVE-2007-0642 2007-01-31T16:28:00.000-05:00 2017-07-28T21:30:18.987-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-02-01T14:57:00.000-05:00 ALLOWS_OTHER_ACCESS BUGTRAQ 20070127 RBL - ASP (scripts with db) SQL injection BUGTRAQ 20070129 RBL - ASP (scripts with db) SQL injection VIM 20070131 Partial source code verify - "RBL - ASP" scripts SQL injection SREASON 2201 BID 22350 OSVDB 36040 MISC http://forums.avenir-geopolitique.net/viewtopic.php?t=2607 XF rbl-userpass-sql-injection(31927) SQL injection vulnerability in tForum 2.00 in the Raymond BERTHOU script collection (aka RBL - ASP) allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) pass to user_confirm.asp.