Vulnerabilities > CVE-2005-2048 - Unspecified vulnerability in Duware Duforum 3.1
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) iMsg parameter to messages.asp, iFor parameter to (2) post.asp or (3) forums.asp, or (4) id parameter to userEdit.asp. NOTE: vectors 1 and 3 were later reported to affect version 3.0.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description DUware DUforum 3.0/3.1 forums.asp iFor Parameter SQL Injection. CVE-2005-2048. Webapps exploit for asp platform id EDB-ID:25870 last seen 2016-02-03 modified 2005-06-22 published 2005-06-22 reporter Dedi Dwianto source https://www.exploit-db.com/download/25870/ title DUware DUforum 3.0/3.1 forums.asp iFor Parameter SQL Injection description DUware DUforum 3.0/3.1 messages.asp iMsg Parameter SQL Injection. CVE-2005-2048 . Webapps exploit for asp platform id EDB-ID:25868 last seen 2016-02-03 modified 2005-06-22 published 2005-06-22 reporter Dedi Dwianto source https://www.exploit-db.com/download/25868/ title DUware DUforum 3.0/3.1 messages.asp iMsg Parameter SQL Injection description DUware DUforum 3.0/3.1 post.asp iFor Parameter SQL Injection. CVE-2005-2048. Webapps exploit for asp platform id EDB-ID:25869 last seen 2016-02-03 modified 2005-06-22 published 2005-06-22 reporter Dedi Dwianto source https://www.exploit-db.com/download/25869/ title DUware DUforum 3.0/3.1 post.asp iFor Parameter SQL Injection
Nessus
NASL family | CGI abuses |
NASL id | DUFORUM_SQL_INJECTIONS.NASL |
description | The remote host is running DUforum, a web-based message board written in ASP from DUware. The installed version of DUforum fails to properly sanitize user- supplied input in several instances before using it in SQL queries. By exploiting these flaws, an attacker can affect database queries, possibly disclosing sensitive data and launching attacks against the underlying database. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18567 |
published | 2005-06-28 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/18567 |
title | DUforum Multiple Scripts SQL Injection |
code |
|
References
- http://echo.or.id/adv/adv19-theday-2005.txt
- http://echo.or.id/adv/adv19-theday-2005.txt
- http://marc.info/?l=bugtraq&m=111945219205114&w=2
- http://marc.info/?l=bugtraq&m=111945219205114&w=2
- http://www.securityfocus.com/archive/1/453330/100/0/threaded
- http://www.securityfocus.com/archive/1/453330/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30668
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30668