Vulnerabilities > CVE-2005-2323 - SQL-Injection vulnerability in Class-1 Forum

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

class-1

clever-copy

exploit available

NVD

Published: 2005-07-19

Updated: 2008-09-05

Summary

Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allow remote attackers to modify SQL statements via the (1) id parameter to viewattach.php, (2) viewuser_id parameter to users.php, or the (3) id or (4) forum parameter to viewforum.php.

Vulnerable Configurations

Part	Description	Count
Application	Class-1 Class 1 Class 1 Forum 0.23.2 Class 1 Class 1 Forum 0.24.4	2
Application	Clever_Copy Clever Copy Clever Copy *	1

Exploit-Db

description	phpMyFamily <= 1.4.0 SQL Injection Exploit. CVE-2005-2323. Webapps exploit for php platform
id	EDB-ID:1208
last seen	2016-01-31
modified	2005-03-27
published	2005-03-27
reporter	basher13
source	https://www.exploit-db.com/download/1208/
title	phpMyFamily <= 1.4.0 - SQL Injection Exploit

Summary

Vulnerable Configurations

Exploit-Db

References