Vulnerability Details CVE-2005-2048
Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) iMsg parameter to messages.asp, iFor parameter to (2) post.asp or (3) forums.asp, or (4) id parameter to userEdit.asp. NOTE: vectors 1 and 3 were later reported to affect version 3.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.0%
CVSS Severity
CVSS v2 Score 7.5
References
- http://echo.or.id/adv/adv19-theday-2005.txt
- http://marc.info/?l=bugtraq&m=111945219205114&w=2
- http://www.securityfocus.com/archive/1/453330/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30668
- http://echo.or.id/adv/adv19-theday-2005.txt
- http://marc.info/?l=bugtraq&m=111945219205114&w=2
- http://www.securityfocus.com/archive/1/453330/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30668