Vulnerabilities > CVE-2005-3815 - SQL Injection vulnerability in Orca Forum Forum.PHP

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

greywyvern

exploit available

NVD

Published: 2005-11-26

Updated: 2011-03-08

Summary

SQL injection vulnerability in forum.php in Orca Forum 4.3b and earlier allows remote attackers to execute arbitrary SQL commands via the msg parameter.

Vulnerable Configurations

Part	Description	Count
Application	Greywyvern Greywyvern Orca Forum *	1

Exploit-Db

description	Orca Forum 4.3 Forum.PHP SQL Injection Vulnerability. CVE-2005-3815. Webapps exploit for php platform
id	EDB-ID:26588
last seen	2016-02-03
modified	2005-11-24
published	2005-11-24
reporter	r0t3d3Vil
source	https://www.exploit-db.com/download/26588/
title	Orca Forum 4.3 Forum.PHP SQL Injection Vulnerability

References

http://pridels0.blogspot.com/2005/11/orca-forum-43x-msg-sql-inj.html
http://secunia.com/advisories/17721
http://www.osvdb.org/21085
http://www.securityfocus.com/bid/15565
http://www.vupen.com/english/advisories/2005/2572