Vulnerabilities > CVE-2005-3872 - SQL Injection vulnerability in UGroup
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple SQL injection vulnerabilities in Ugroup 2.6.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FORUM_ID parameter in forum.php, and the (2) TOPIC_ID, (3) FORUM_ID, and (4) CAT_ID parameters in topic.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description UGroup 2.6.2 forum.php FORUM_ID Parameter SQL Injection. CVE-2005-3872 . Webapps exploit for php platform id EDB-ID:26626 last seen 2016-02-03 modified 2005-11-28 published 2005-11-28 reporter r0t source https://www.exploit-db.com/download/26626/ title UGroup 2.6.2 forum.php FORUM_ID Parameter SQL Injection description UGroup 2.6.2 topic.php Multiple Parameter SQL Injection. CVE-2005-3872. Webapps exploit for php platform id EDB-ID:26627 last seen 2016-02-03 modified 2005-11-28 published 2005-11-28 reporter r0t source https://www.exploit-db.com/download/26627/ title UGroup 2.6.2 topic.php Multiple Parameter SQL Injection