Vulnerabilities > CVE-2005-3872 - SQL Injection vulnerability in UGroup

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

ugroup

exploit available

NVD

Published: 2005-11-29

Updated: 2011-03-08

Summary

Multiple SQL injection vulnerabilities in Ugroup 2.6.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FORUM_ID parameter in forum.php, and the (2) TOPIC_ID, (3) FORUM_ID, and (4) CAT_ID parameters in topic.php.

Vulnerable Configurations

Part	Description	Count
Application	Ugroup Ugroup Ugroup *	1

Exploit-Db

description	UGroup 2.6.2 forum.php FORUM_ID Parameter SQL Injection. CVE-2005-3872 . Webapps exploit for php platform
id	EDB-ID:26626
last seen	2016-02-03
modified	2005-11-28
published	2005-11-28
reporter	r0t
source	https://www.exploit-db.com/download/26626/
title	UGroup 2.6.2 forum.php FORUM_ID Parameter SQL Injection

description	UGroup 2.6.2 topic.php Multiple Parameter SQL Injection. CVE-2005-3872. Webapps exploit for php platform
id	EDB-ID:26627
last seen	2016-02-03
modified	2005-11-28
published	2005-11-28
reporter	r0t
source	https://www.exploit-db.com/download/26627/
title	UGroup 2.6.2 topic.php Multiple Parameter SQL Injection

Summary

Vulnerable Configurations

Exploit-Db

References