Multiple SQL Injection Vulnerabilities in DUware DUforum 3.1 and Earlier Versions

Multiple SQL Injection Vulnerabilities in DUware DUforum 3.1 and Earlier Versions

CVE-2005-2048 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) iMsg parameter to messages.asp, iFor parameter to (2) post.asp or (3) forums.asp, or (4) id parameter to userEdit.asp. NOTE: vectors 1 and 3 were later reported to affect version 3.0.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.